Overview

overview

10

Static

static

3

IMG_06631_0173.exe

windows7-x64

10

IMG_06631_0173.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-06-2024 11:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IMG_06631_0173.exe

  • Size

    2.4MB

  • MD5

    7509bcee32836ba48d6d599d6040cea1

  • SHA1

    9c8913621e45bf9947902a457fd215a1d5fae7f2

  • SHA256

    78b4fcbb34607b6cdfd1af26673a2bda62c56cd611f694a467015e57a4d48026

  • SHA512

    447d4568f3681626324f4d8fb7b35033f40d5b84bd83ae018a76972d7827692620daa92fa3175e8c852664d6e67bc1ab253fb283b899898ea95be5b0481e9164

  • SSDEEP

    49152:0Br4DV4urIIhSDdNo/DynbU4ckQVIFOotX4MFaRVa0F5DZUt2Mrj9:0Br4h4mIT+yw4cj7otoQaRnFFZUR

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Gathers network information 2 TTPs 2 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IMG_06631_0173.exe
    "C:\Users\Admin\AppData\Local\Temp\IMG_06631_0173.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1116
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ipconfig /release
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1632
      • C:\Windows\SysWOW64\ipconfig.exe
        ipconfig /release
        3⤵
        • Gathers network information
        PID:2576
    • C:\Users\Admin\AppData\Local\Temp\IMG_06631_0173.exe
      "C:\Users\Admin\AppData\Local\Temp\IMG_06631_0173.exe"
      2⤵
        PID:3508
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 188
          3⤵
          • Program crash
          PID:5032
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c ipconfig /renew
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3484
        • C:\Windows\SysWOW64\ipconfig.exe
          ipconfig /renew
          3⤵
          • Gathers network information
          PID:3388
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3508 -ip 3508
      1⤵
        PID:3208

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1116-0-0x0000000074D7E000-0x0000000074D7F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1116-1-0x0000000000B20000-0x0000000000D82000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/1116-3-0x00000000058C0000-0x0000000005AE8000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1116-2-0x0000000074D70000-0x0000000075520000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/1116-4-0x0000000006C20000-0x0000000006E4A000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1116-5-0x00000000060A0000-0x0000000006644000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/1116-6-0x0000000005B90000-0x0000000005C22000-memory.dmp

        Filesize

        584KB

        Download

      • memory/1116-7-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-22-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-56-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-70-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-68-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-66-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-64-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-62-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-60-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-58-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-54-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-52-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-50-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-46-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-44-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-42-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-38-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-36-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-34-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-32-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-30-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-29-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-48-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-40-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-24-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-20-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-18-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-16-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-14-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-12-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-10-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-8-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-26-0x0000000006C20000-0x0000000006E44000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1116-4893-0x0000000074D70000-0x0000000075520000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/1116-4895-0x0000000005850000-0x000000000589C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/1116-4894-0x00000000057E0000-0x0000000005846000-memory.dmp

        Filesize

        408KB

        Download

      • memory/1116-4896-0x0000000074D7E000-0x0000000074D7F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1116-4897-0x0000000074D70000-0x0000000075520000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/1116-4898-0x0000000005CC0000-0x0000000005D14000-memory.dmp

        Filesize

        336KB

        Download

      • memory/1116-4907-0x0000000074D70000-0x0000000075520000-memory.dmp

        Filesize

        7.7MB

        Download