Overview

overview

7

Static

static

3

59f8e00e62...0N.exe

windows7-x64

7

59f8e00e62...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/07/2024, 01:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    59f8e00e6252280b8d43b38d60705990N.exe

  • Size

    57KB

  • MD5

    59f8e00e6252280b8d43b38d60705990

  • SHA1

    6f52f1d51a54aa0ff6fa1812117ff2a64c0de59c

  • SHA256

    c1a124e9904ee00eb2fdb77da767838e55a27660ca804e9d84fcaee4e80f4aa4

  • SHA512

    16d69a71872885789126788d8e3120cf2c38158a701878e98be861b1b4ef1fccced9863d6d15bfcd6254442330badd57be3ba7ed1a4c05819e85fa4464b4c228

  • SSDEEP

    384:asjPGY2HXgrkEYYhQ98E8I1XAV/QcaYpATUgch1A9NB/erxlF8fmLv:aePG5H8XhKD8ISZQjkgs1lxlFemLv

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59f8e00e6252280b8d43b38d60705990N.exe
    "C:\Users\Admin\AppData\Local\Temp\59f8e00e6252280b8d43b38d60705990N.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Users\Admin\AppData\Local\Temp\winupdate.exe
      "C:\Users\Admin\AppData\Local\Temp\winupdate.exe"
      2⤵
      • Executes dropped EXE
      PID:4568

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\winupdate.exe
          Filesize

          57KB

          MD5

          6af8df5a0994ef89d35e046b121ef1d2

          SHA1

          8aeda12bedf2d909ff650c01cd3519abd1cc5793

          SHA256

          6f0d38f62305456dedd01a11a8ce9e6633d82451420c1e3f8af45b534cac3052

          SHA512

          ed35c20be4adf54ed8719ffb989d8806868e939b81e333e86f17885eb82726dc5a683fe8b7a0a34d05e9d3f1a9ba3440136360fbb429d0d017b0d34aa1778b70

          Download Submit

        • memory/1344-0-0x0000000000500000-0x0000000000512000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1344-1-0x0000000000501000-0x0000000000502000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1344-10-0x0000000000500000-0x0000000000512000-memory.dmp

          Filesize

          72KB

          Download

        • memory/4568-11-0x0000000000500000-0x0000000000512000-memory.dmp

          Filesize

          72KB

          Download

        • memory/4568-12-0x0000000000500000-0x0000000000512000-memory.dmp

          Filesize

          72KB

          Download