Overview

overview

7

Static

static

3

7d1b9f8154...18.exe

windows7-x64

7

7d1b9f8154...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 09:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7d1b9f8154184f9fa1ecfac70e66dc663d6d3805f83ba4627db398d020685518.exe

  • Size

    3.0MB

  • MD5

    6a09d893a5874386dfbc6244af0c9d32

  • SHA1

    241c30adea7eccee04ac6d2784d70a483296afbf

  • SHA256

    7d1b9f8154184f9fa1ecfac70e66dc663d6d3805f83ba4627db398d020685518

  • SHA512

    6ab300bd7cd17d5da4104dc8c50abaff935f790ed597c9754fe3704b8ba2519b27ddf5355ef3512375ef10bc39958740c1c063ec9858dba11b29ecb8c8066cfd

  • SSDEEP

    49152:Wbclx6BpX9jhSlxPu9LVtm0j4Cx960eT8/b4WraIHfdux9XclK5S4Ae5dxog3539:KjgzPu9LbmxCb6ib4WraIox9XcrRUSWN

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7d1b9f8154184f9fa1ecfac70e66dc663d6d3805f83ba4627db398d020685518.exe
    "C:\Users\Admin\AppData\Local\Temp\7d1b9f8154184f9fa1ecfac70e66dc663d6d3805f83ba4627db398d020685518.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4940
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Auto.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Auto.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:5068
      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\StartAllBackCfg.exe
        StartAllBackCfg.exe /install
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of FindShellTrayWindow
        PID:1056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Auto.exe
    Filesize

    846KB

    MD5

    149034d4a5d59769062fb576f051d092

    SHA1

    8e4fce741e80828d4af046f1980186b7d652c0f6

    SHA256

    02213a2e40dd90a251b27566b7ffb25155368a418b67047096924aafec918cd9

    SHA512

    2b51f9c16db5947f9a6e822582b36da2e0d6eb74431a9f843c30a406ad3b1756324f0e3dc3e44525fb6dd832c2aa573ed678f5f71627f6d9362717c311bac809

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\StartAllBackCfg.exe
    Filesize

    3.3MB

    MD5

    cad6ceeb53731be9d6e9266cdeea7b64

    SHA1

    e50429300076e948c291fa125e4bc67f0b38d1c4

    SHA256

    80921b0c5edc5256352de52aa9f5e8defa0cbc90e1aa3152260029498a7abfdd

    SHA512

    9a1bf4157854f3383b6a3b99b4b1a644883f35313efead7fc9c8573a5ee37857cbb85a639ea0b51f3d084346b6b141992662682024b10594e94b17198ee62887

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\StartAllBackX64.dll
    Filesize

    867KB

    MD5

    1b0f2c8e7660db4ab2a938836fb2b08b

    SHA1

    2cd796a8abe62a1e1cef11b32d4f27a1094602ee

    SHA256

    aa5badb9bf26627bb1a8c2052ba67d55ebce9243dfb02c13cf4a3663eef650e4

    SHA512

    4d05f4c395dda6103cbc57374d5e4ae04c1a06a142dd907057a5ff3e136a1a6c7b032da74d1aa057ec610adf793af29ef17c68658be4c6906bec040aa6371ea4

    Download Submit

  • memory/1056-137-0x0000000000400000-0x000000000075B000-memory.dmp

    Filesize

    3.4MB

    Download