Analysis

  • max time kernel
    119s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/07/2024, 04:11

General

  • Target

    4f04fd458209ee3cef7b616aadda3130N.exe

  • Size

    292KB

  • MD5

    4f04fd458209ee3cef7b616aadda3130

  • SHA1

    e97f2e0e1f847de6c1b36838a401fd4599a08d90

  • SHA256

    51c040a8b0747e50df37e5403205564f8609585659662b41543dec12d74f27cf

  • SHA512

    72d648999c228d1e75e54d1a5609e081c9d7d11af40b354ed4b08cbcba0cae5d2788e2bbf47910c82ff5205aa65a08575b91fa3c77a5a49b42e0915f90822c97

  • SSDEEP

    1536:T616jlS9+H8HYiH72PrGGUQLJjk/Jj/9/mck8K1Jg:eQS9BHku

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f04fd458209ee3cef7b616aadda3130N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f04fd458209ee3cef7b616aadda3130N.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Users\Admin\geakoef.exe
      "C:\Users\Admin\geakoef.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3132

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\geakoef.exe

          Filesize

          292KB

          MD5

          2081ce5dd6118a7ccafba4960d469522

          SHA1

          1a64db81cff79b293a89318c2c0e580ed8efef37

          SHA256

          52952b04f5b4f2212357ff7146c60733950884aaa38410c54ec799fb815bc4ee

          SHA512

          eaf66a4ccd6788f3ce94d5ac567e30968c288e7afbc0addf9d903dabd330932c2408053ba8d65c4f573aa6f5430c40ccc860f9b64c3b1fb3ac4d9b8734564b38

        • memory/1880-0-0x0000000000400000-0x000000000044B000-memory.dmp

          Filesize

          300KB

        • memory/1880-37-0x0000000000400000-0x000000000044B000-memory.dmp

          Filesize

          300KB

        • memory/3132-33-0x0000000000400000-0x000000000044B000-memory.dmp

          Filesize

          300KB

        • memory/3132-38-0x0000000000400000-0x000000000044B000-memory.dmp

          Filesize

          300KB