Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/06/2024, 23:24

General

  • Target

    725f22d2a19a06a70f8704791ce594cd39e2e292c6e2a78cdf194f2629ed8be9.exe

  • Size

    32KB

  • MD5

    cfaf567efd07d28488df0114ad873bde

  • SHA1

    fefd2f2470e6754ba7e4b24b3ebbde4db647bf9a

  • SHA256

    725f22d2a19a06a70f8704791ce594cd39e2e292c6e2a78cdf194f2629ed8be9

  • SHA512

    ed95d967330463a66c5d92885973a4d6c1c12d47ef3f774e05a6b109f673f9e253e3ed3b51d1043bbd573e72e556e56d8476dfb7afc0ccb79ce2365d2856ea7e

  • SSDEEP

    384:MApc8m4e0GvQak4JI341C0abnk6hJPEz6+:MApQr0GvdFJI34qTk6hJPEzN

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\725f22d2a19a06a70f8704791ce594cd39e2e292c6e2a78cdf194f2629ed8be9.exe
    "C:\Users\Admin\AppData\Local\Temp\725f22d2a19a06a70f8704791ce594cd39e2e292c6e2a78cdf194f2629ed8be9.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:5064
    • C:\windows\SysWOW64\sal.exe
      "C:\windows\system32\sal.exe"
      2⤵
      • Executes dropped EXE
      PID:2248
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3972

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\sal.exe

    Filesize
    32KB

    MD5
    61aadb59406623cb383cba48cf439a92

    SHA1
    0dc81c44dcf21fc4ac339dddbde4ea00fa3a9982

    SHA256
    7c33912f24875dcb6a7854f5206a20549246885d9572f84a81fc9e4cd7c48726

    SHA512
    3535021bdd7063d249c84a24cb62ca449dc35379960580e9d145b73f25c8583e69e22961abdfc8f0f8501162451c4eb3bb77378397415e3b171e59dd04ce1781

  • memory/2248-9-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize
    36KB

  • memory/5064-0-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize
    36KB

  • memory/5064-10-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize
    36KB