Overview

overview

10

Static

static

3

437aa5ad2e...fa.exe

windows7-x64

10

437aa5ad2e...fa.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-07-2024 21:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    437aa5ad2eeecbb9eebf95d76d529eb248b532a6c8e0e60fe3b92bd0c89015fa.exe

  • Size

    59KB

  • MD5

    b2fbf7dbd3bbb3dc4323a88c3cd90093

  • SHA1

    d49a8b4e52f8911d745ff4b7676e19d713464087

  • SHA256

    437aa5ad2eeecbb9eebf95d76d529eb248b532a6c8e0e60fe3b92bd0c89015fa

  • SHA512

    bbd8e0bdffd32134aa679ce7c1863ae3bf91f47b5f3476daf22d03010c153694cef5445dc00c96cead763ad666392bd5810eb5661ca3ef8dd326dadf85e2ed2f

  • SSDEEP

    768:9qSqC8+N5ozQQkncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtSqklPUV:9rqfzQQkamN8835mv7CUroqklPC

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\437aa5ad2eeecbb9eebf95d76d529eb248b532a6c8e0e60fe3b92bd0c89015fa.exe
    "C:\Users\Admin\AppData\Local\Temp\437aa5ad2eeecbb9eebf95d76d529eb248b532a6c8e0e60fe3b92bd0c89015fa.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3264
    • C:\Program Files (x86)\849c19fb\jusched.exe
      "C:\Program Files (x86)\849c19fb\jusched.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\849c19fb\849c19fb
    Filesize

    13B

    MD5

    f253efe302d32ab264a76e0ce65be769

    SHA1

    768685ca582abd0af2fbb57ca37752aa98c9372b

    SHA256

    49dca65f362fee401292ed7ada96f96295eab1e589c52e4e66bf4aedda715fdd

    SHA512

    1990d20b462406bbadb22ba43f1ed9d0db6b250881d4ac89ad8cf6e43ca92b2fd31c3a15be1e6e149e42fdb46e58122c15bc7869a82c9490656c80df69fa77c4

    Download Submit

  • C:\Program Files (x86)\849c19fb\jusched.exe
    Filesize

    59KB

    MD5

    d884c3722339e39dd1f4d6bfa901c09c

    SHA1

    c2cadb226b8e84cb28cdb5c9084ab7916d11b9b5

    SHA256

    0d63a658c4d8b5a913cc27678f2385c8e3509080c4a44107fcea9f15fddf0012

    SHA512

    f2b50a08bc8e83e0e9ade483ee68f8f24c22b2a86489fc6280f2686dfb7c5f7737385945cb7ab58e3dd26ca1745db757907766b103f8d6799250629192076fab

    Download Submit

  • memory/1576-19-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/1576-18-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/1576-15-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/3264-0-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/3264-1-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/3264-5-0x0000000000401000-0x0000000000406000-memory.dmp

    Filesize

    20KB

    Download

  • memory/3264-4-0x0000000002190000-0x0000000002193000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3264-20-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download