Overview

overview

7

Static

static

3

5eaaa92e0c...0N.exe

windows7-x64

7

5eaaa92e0c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/07/2024, 07:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5eaaa92e0c4d1ffe9eec77c7fff70ec0N.exe

  • Size

    85KB

  • MD5

    5eaaa92e0c4d1ffe9eec77c7fff70ec0

  • SHA1

    437ba7c12fa520f6eb66d5f68a0e466a1e1fb48e

  • SHA256

    492549d4a05cd4951eb6bce341ce8a8bd9a9c031e65e175b8a92b4dd65f7c7c6

  • SHA512

    0f4ffb133c25f2d070b3ceb601d28f5d6aad89b827e6f311f4e53446c25abb8c14b02c7a3969a507d45131c9d6b0ea0558da842e4b481bbf34d5a8226162b8fe

  • SSDEEP

    1536:IGsBuoFn7UZ+LtdgI2MyzNORQtOflIwoHNV2XBFV72B4lA7ZsbI8zYeDds:IGjot7UQLtdgI2MyzNORQtOflIwoHNVv

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5eaaa92e0c4d1ffe9eec77c7fff70ec0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5eaaa92e0c4d1ffe9eec77c7fff70ec0N.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1224
    • C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe
      "C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4712

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe
          Filesize

          85KB

          MD5

          1d5ad2555de28c7dbbdc7f9b42267eb4

          SHA1

          21007313caae1767ec007d4ff5400917a0b09077

          SHA256

          1170fe7731d9f6983c2b0f34f5a425a49e56ec40db451a5c2f46445645e88c85

          SHA512

          a49de060a8d8ad451cde32f5b825a7dbd7ab3b7f304a8af2ea5731903cb4f0f7ff3a130ba887918fca9a0fb181d12d055f3b2e0cd8ad9840bfb4300711ca1520

          Download Submit

        • memory/1224-0-0x0000000003500000-0x0000000003516000-memory.dmp

          Filesize

          88KB

          Download

        • memory/1224-2-0x0000000002040000-0x0000000002045000-memory.dmp

          Filesize

          20KB

          Download

        • memory/1224-10-0x0000000003500000-0x0000000003516000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4712-11-0x0000000000540000-0x0000000000545000-memory.dmp

          Filesize

          20KB

          Download

        • memory/4712-12-0x0000000003500000-0x0000000003516000-memory.dmp

          Filesize

          88KB

          Download