Overview

overview

7

Static

static

3

cac15904d0...c7.exe

windows7-x64

6

cac15904d0...c7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    124s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/06/2024, 02:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cac15904d0648354e1be36563c14cca8c791795c143a90ee3c1ad43a12478bc7.exe

  • Size

    1.6MB

  • MD5

    ecbf30c0f9d01f0347f738659d8d5910

  • SHA1

    cad2fc9a833a23a43c08aeb193d2ada35c45d10e

  • SHA256

    cac15904d0648354e1be36563c14cca8c791795c143a90ee3c1ad43a12478bc7

  • SHA512

    197c7910b988c93ad8cb371b921f83d17f81cffedc4460d26c0d84f4116b2da47c27fbfc8ad65c626eea8c7e8da127c1662378e3b1a3c06afb75e966d7dd0abf

  • SSDEEP

    24576:7LILY8Xu/3y8UsG2BgYLicwnkYCHdebUKyZURQ1TgjTv:sYrC8UsGuTwNCHdeQKyZURQ1EjTv

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cac15904d0648354e1be36563c14cca8c791795c143a90ee3c1ad43a12478bc7.exe
    "C:\Users\Admin\AppData\Local\Temp\cac15904d0648354e1be36563c14cca8c791795c143a90ee3c1ad43a12478bc7.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1288
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\cac15904d0648354e1be36563c14cca8c791795c143a90ee3c1ad43a12478bc7.docx" /o ""
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4868
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4184,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=3928 /prefetch:8
    1⤵
      PID:2560

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\222272519.tmp
            Filesize

            1.6MB

            MD5

            ecbf30c0f9d01f0347f738659d8d5910

            SHA1

            cad2fc9a833a23a43c08aeb193d2ada35c45d10e

            SHA256

            cac15904d0648354e1be36563c14cca8c791795c143a90ee3c1ad43a12478bc7

            SHA512

            197c7910b988c93ad8cb371b921f83d17f81cffedc4460d26c0d84f4116b2da47c27fbfc8ad65c626eea8c7e8da127c1662378e3b1a3c06afb75e966d7dd0abf

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\TCD4666.tmp\iso690.xsl
            Filesize

            263KB

            MD5

            ff0e07eff1333cdf9fc2523d323dd654

            SHA1

            77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

            SHA256

            3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

            SHA512

            b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\cac15904d0648354e1be36563c14cca8c791795c143a90ee3c1ad43a12478bc7.docx
            Filesize

            9KB

            MD5

            5c8ddbe9afb9e159b17a7ee015772848

            SHA1

            3a35ca11b44cafe6668a35f92e0b8d63f5d6db7f

            SHA256

            d98275ea1080f6e42b000e422de4d775eccab3695acef872643b05902129e59b

            SHA512

            ee66bddebc6754f0a466538528132e9292b23b334dc9b4a49707cd8c62eb45e8d5c9222af7deafde11021f82ff742427f7097dbc9627be9a39d1b04c5741edee

            Download Submit

          • memory/4868-30-0x00007FFB2CC10000-0x00007FFB2CE05000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4868-28-0x00007FFB2CC10000-0x00007FFB2CE05000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4868-20-0x00007FFB2CCAD000-0x00007FFB2CCAE000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4868-24-0x00007FFAECC90000-0x00007FFAECCA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4868-23-0x00007FFB2CC10000-0x00007FFB2CE05000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4868-21-0x00007FFAECC90000-0x00007FFAECCA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4868-17-0x00007FFAECC90000-0x00007FFAECCA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4868-25-0x00007FFB2CC10000-0x00007FFB2CE05000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4868-29-0x00007FFB2CC10000-0x00007FFB2CE05000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4868-18-0x00007FFAECC90000-0x00007FFAECCA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4868-31-0x00007FFB2CC10000-0x00007FFB2CE05000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4868-22-0x00007FFB2CC10000-0x00007FFB2CE05000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4868-27-0x00007FFB2CC10000-0x00007FFB2CE05000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4868-26-0x00007FFB2CC10000-0x00007FFB2CE05000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4868-32-0x00007FFAEA700000-0x00007FFAEA710000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4868-33-0x00007FFAEA700000-0x00007FFAEA710000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4868-19-0x00007FFAECC90000-0x00007FFAECCA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4868-522-0x00007FFB2CC10000-0x00007FFB2CE05000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4868-543-0x00007FFAECC90000-0x00007FFAECCA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4868-542-0x00007FFAECC90000-0x00007FFAECCA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4868-544-0x00007FFAECC90000-0x00007FFAECCA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4868-545-0x00007FFAECC90000-0x00007FFAECCA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4868-546-0x00007FFB2CC10000-0x00007FFB2CE05000-memory.dmp

            Filesize

            2.0MB

            Download