Overview

overview

7

Static

static

7

a269b2e6ba...4f.exe

windows7-x64

7

a269b2e6ba...4f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/07/2024, 02:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a269b2e6baa1aa2d07c66b55409fa24f.exe

  • Size

    37KB

  • MD5

    a269b2e6baa1aa2d07c66b55409fa24f

  • SHA1

    8d6b1dce0263568302b53b826bf7095e408f2467

  • SHA256

    b5278d908a88821d5b6da16e7a2e948f92cfc64a276780b8a33b73ac80b166a6

  • SHA512

    269f8307a5c852881104d69679ec579c456dd6e4ad7fcef88399959dd3316a2ed11e4ff2e5a0ff15ca4ce20a9860fbd372970576c374885c83c3ca36c949233f

  • SSDEEP

    768:q7PdFecFS5agQtOOtEvwDpjeMLZdzuqpXsiE8Wq/DpkITf:qDdFJy3QMOtEvwDpjjWMl7Tf

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a269b2e6baa1aa2d07c66b55409fa24f.exe
    "C:\Users\Admin\AppData\Local\Temp\a269b2e6baa1aa2d07c66b55409fa24f.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1520

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          37KB

          MD5

          23e79960b0b424ce56430659da999b8a

          SHA1

          961d66a515eea9ee22d2e0a09929d403b7b3913c

          SHA256

          19c7fd641b5e5df3c671672dae946c55ab11ec4bd1219d9602ad486c6689b129

          SHA512

          c11c8be1ba431af0924ee30941689719ebad2c73a2e1affc68168ca20aa2d2251e23ebae1a2b90be31af3d4c3d3c4f1c9fb96ac9a9e2a8e998a0d104661bd218

          Download Submit

        • memory/1520-16-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1520-21-0x00000000006D0000-0x00000000006D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1520-27-0x00000000006B0000-0x00000000006B6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1520-28-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1652-0-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1652-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1652-2-0x00000000004F0000-0x00000000004F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1652-9-0x00000000004D0000-0x00000000004D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1652-19-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download