Overview

overview

5

Static

static

1

8d60f4eec2...18.exe

windows7-x64

4

8d60f4eec2...18.exe

windows10-2004-x64

5

$_3_.exe

windows7-x64

3

$_3_.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    133s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2024, 07:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $_3_.exe

  • Size

    1.8MB

  • MD5

    77bfacca17ee1d89833b57f3a746d9a0

  • SHA1

    aa9490c913489c5eafd02f67f875efcb56d23036

  • SHA256

    38571b0965110d07c6fbf4813ab628d4017cf52c681c457fb3f184b644fb0b52

  • SHA512

    21ecc2fce94a58cd39127964730b01722b9dafa20d3af65b023fe83188c08211ba1324849513ffc10b6a359737f98c4d06770dc1954f8880daff938a06581e6f

  • SSDEEP

    49152:/SNY8H0ZGF5j51XdQTPRPgojx1NslvUOl/WkMWAH:oY00Z8F1XdUL

Score
5/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$_3_.exe
    "C:\Users\Admin\AppData\Local\Temp\$_3_.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3108
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\30214.bat" "C:\Users\Admin\AppData\Local\Temp\9974B70B06C040A0AB857950C4C02E3C\""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2464
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.1 -n 1 -w 1000
        3⤵
        • Runs ping.exe
        PID:1488

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\30214.bat
          Filesize

          214B

          MD5

          739fcc7ba42b209fe44bea47e7a8c48f

          SHA1

          bc7a448a7c018133edcf012bc94301623eb42c5b

          SHA256

          69017cdbbe68396f45e41d211b22d800cc1afc0eadbd3440873038585020315c

          SHA512

          2b2b130798b0f4e534626b9fb5deaa10bb1930e6700ac0ba7cf151c1bf3239039a7032ea67ceed86a4a4dbe981064c42a8e0f88fe8361e27002dd8ceb0ea767a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\9974B70B06C040A0AB857950C4C02E3C\9974B70B06C040A0AB857950C4C02E3C_LogFile.txt
          Filesize

          9KB

          MD5

          dc06461b21a2a367c099a7e418cbe640

          SHA1

          0d0f7f0c18f7fc2e9574dc5496cd86fead06a642

          SHA256

          aaf3d6f18b1d3a6736b88c8bc2d33530ad5b80fd26e562e00a21b119ede7bf17

          SHA512

          6a7c246ec45d79ace88c01edfb79c4df89ee1cdb225b6a5b309eb52c2ab1385afeab7d47c7d1fa57fa5346aa0470ee20e950045474899acd198f0d2511cbe885

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\9974B70B06C040A0AB857950C4C02E3C\9974B7~1.TXT
          Filesize

          109KB

          MD5

          a9209c474a616683c4660ddd15b0bddd

          SHA1

          c7550a4db32eb1ab1cb9e06bd7b387022e6232b7

          SHA256

          653da907ace2f3b6f6c74bd748de23ea01b421cbbc73f9c2749a9cda6f44ef01

          SHA512

          7df1a48eefb144ff0447f41fd4bd00a9222a14a9adbc03b1aadacfb1556204690b719d49b97cf5205c6119709b830bc887022eb793cd678143e35f36e9f55bf9

          Download Submit