Overview

overview

7

Static

static

3

d1cedc0ede...b3.exe

windows7-x64

7

d1cedc0ede...b3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2024, 03:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1cedc0ede3f3e16bdf45433979ebbecd639dd72891b620f3332a351f39150b3.exe

  • Size

    32KB

  • MD5

    a5ab62ca131e9ecb38ec5f4e15c8717b

  • SHA1

    4f116a17d5a8512ed0d917d3f84587268273a752

  • SHA256

    d1cedc0ede3f3e16bdf45433979ebbecd639dd72891b620f3332a351f39150b3

  • SHA512

    e12b42313e6f9274acabb045229c7538fc5de12cd39915ef43b1645f687aa1b2598bbd7ab60de0d2432fad401bd107d6172ac846f8e1b32f5d3721f52f3a1fde

  • SSDEEP

    768:G26uYzQhmWSm8/mjHgH9OAwTc+M3rsVm6:GVrsmDveLgdOAYMwB

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1cedc0ede3f3e16bdf45433979ebbecd639dd72891b620f3332a351f39150b3.exe
    "C:\Users\Admin\AppData\Local\Temp\d1cedc0ede3f3e16bdf45433979ebbecd639dd72891b620f3332a351f39150b3.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Users\Admin\AppData\Local\Temp\denis.exe
      "C:\Users\Admin\AppData\Local\Temp\denis.exe"
      2⤵
      • Executes dropped EXE
      PID:4616

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\denis.exe
    Filesize

    32KB

    MD5

    edd0ab2571bbf54d74b2c220fe308536

    SHA1

    aa64a7bd1e8cc45849e38e95bea17ac63dcce370

    SHA256

    4b78e2636cd44d306d557cee8f785eca4239a8cb082ccd8682e2545c0ecbd057

    SHA512

    d312abcb073073cc6347e22ebca965e0b335773606b8a8742240e2579fe4a6163a2d97d3a9f364baa97bbcca70810b8febdfba59887a273715987295b0ba12d8

    Download Submit

  • memory/1104-0-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1104-1-0x0000000000460000-0x0000000000468000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1104-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4616-23-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4616-27-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4616-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download