Overview

overview

10

Static

static

3

15caf78d05...0N.exe

windows7-x64

10

15caf78d05...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    112s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 22:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15caf78d05a0fa57a2437e1c8526ae30N.exe

  • Size

    279KB

  • MD5

    15caf78d05a0fa57a2437e1c8526ae30

  • SHA1

    960ff36adc0b2d1f0b58e2158b796a5f9ed7970f

  • SHA256

    ce40345a7a091ce1d7cfb88e8d757b80148e29265b43f2dcd7c283767243a783

  • SHA512

    42c0c706cd97affe215f11b222bae24a7d491813605bd8722396deced7817799f1d7d4beea30f0e07dfbbaf6efff1fe8099359c5e08ee4a3b6483f9694b5ac2d

  • SSDEEP

    6144:boy5p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQ66fK7:boSeGUA5YZazpXUmZhZ6S7

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15caf78d05a0fa57a2437e1c8526ae30N.exe
    "C:\Users\Admin\AppData\Local\Temp\15caf78d05a0fa57a2437e1c8526ae30N.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4576
    • C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
      "C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3932
      • C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
        "C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
        3⤵
          PID:452

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
      Filesize

      279KB

      MD5

      2fb9020299503da45ea5ef53618ab263

      SHA1

      64b8dc775bd6657cd37ad48dfe5d1d78af0cfaf3

      SHA256

      ba6c74dd2e6540fd96f4b0b395255552bc7e6dbb25dd810bff7faf2319a7453f

      SHA512

      b21f2296e190441391190b77b7226663bbb7df44861b3739d2edee05c8208f9c974cef17b5b3c0d450b2e5f899187e2379a6196e91bde8cbf7dddac68e23d0bc

      Download Submit

    • memory/3932-18-0x0000000074E50000-0x0000000075401000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3932-19-0x0000000074E50000-0x0000000075401000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3932-20-0x0000000074E50000-0x0000000075401000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3932-21-0x0000000074E50000-0x0000000075401000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3932-23-0x0000000074E50000-0x0000000075401000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4576-0-0x0000000074E52000-0x0000000074E53000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4576-1-0x0000000074E50000-0x0000000075401000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4576-2-0x0000000074E50000-0x0000000075401000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4576-3-0x0000000074E50000-0x0000000075401000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4576-17-0x0000000074E50000-0x0000000075401000-memory.dmp

      Filesize

      5.7MB

      Download