Malware Analysis Report

2024-10-23 21:03

Sample ID 240613-xdarjssapp
Target 04649c0a877ac6fa6d3388376df7a558d4151f81ef0eed781e6f3b541c328295
SHA256 04649c0a877ac6fa6d3388376df7a558d4151f81ef0eed781e6f3b541c328295
Tags
Score 7/10

Analysis Overview

Score

7/10

SHA256

04649c0a877ac6fa6d3388376df7a558d4151f81ef0eed781e6f3b541c328295

Threat Level: Shows suspicious behavior

The file 04649c0a877ac6fa6d3388376df7a558d4151f81ef0eed781e6f3b541c328295 shows suspicious behavior.

Malicious Activity Summary


Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 18:43

Signatures

Unsigned PE

Description: N/A
Indicator: N/A
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 18:43

Reported

2024-06-13 18:46

Platform

win7-20240508-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04649c0a877ac6fa6d3388376df7a558d4151f81ef0eed781e6f3b541c328295.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\04649c0a877ac6fa6d3388376df7a558d4151f81ef0eed781e6f3b541c328295.exe

"C:\Users\Admin\AppData\Local\Temp\04649c0a877ac6fa6d3388376df7a558d4151f81ef0eed781e6f3b541c328295.exe"

C:\Users\Admin\AppData\Local\Temp\kdeohw.exe

"C:\Users\Admin\AppData\Local\Temp\kdeohw.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\kdeohw.exe

MD5 cb565232cf4b5ad157feeb9b22e0faa6
SHA1 0e40f1ba04a01332db9f3194f1678712804f5da4
SHA256 71b258ef903c71b3fd5c2dbdfb837abf987d8dd7dc1dee39c459697a1c427e74
SHA512 45ae76cdc0dfc139e87eff85c5a6fd12cd1615a3e3897606235d98df4930536885255fb650d5e67bedbae5b2f48d38e9be3124fa5d58398885a32d46f212e8c9

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 18:43

Reported

2024-06-13 18:46

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04649c0a877ac6fa6d3388376df7a558d4151f81ef0eed781e6f3b541c328295.exe"

Signatures

Checks computer location settings

Description: Key value queried
Indicator: \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation
Process: C:\Users\Admin\AppData\Local\Temp\04649c0a877ac6fa6d3388376df7a558d4151f81ef0eed781e6f3b541c328295.exe
Target: N/A

Executes dropped EXE

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\kdeohw.exe
Target: N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\04649c0a877ac6fa6d3388376df7a558d4151f81ef0eed781e6f3b541c328295.exe

"C:\Users\Admin\AppData\Local\Temp\04649c0a877ac6fa6d3388376df7a558d4151f81ef0eed781e6f3b541c328295.exe"

C:\Users\Admin\AppData\Local\Temp\kdeohw.exe

"C:\Users\Admin\AppData\Local\Temp\kdeohw.exe"

Network

Country: US
Destination: 8.8.8.8:53
Domain: 8.8.8.8.in-addr.arpa
Proto: udp

Files

C:\Users\Admin\AppData\Local\Temp\kdeohw.exe

MD5 cb565232cf4b5ad157feeb9b22e0faa6
SHA1 0e40f1ba04a01332db9f3194f1678712804f5da4
SHA256 71b258ef903c71b3fd5c2dbdfb837abf987d8dd7dc1dee39c459697a1c427e74
SHA512 45ae76cdc0dfc139e87eff85c5a6fd12cd1615a3e3897606235d98df4930536885255fb650d5e67bedbae5b2f48d38e9be3124fa5d58398885a32d46f212e8c9