Overview

overview

7

Static

static

3

7d495052aa...0N.exe

windows7-x64

7

7d495052aa...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-07-2024 01:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7d495052aac7e42df01f5a6cb0a24930N.exe

  • Size

    39KB

  • MD5

    7d495052aac7e42df01f5a6cb0a24930

  • SHA1

    416e46646bb1b399cf196bb104b040eef71de9bc

  • SHA256

    4dfa3aa3dc6fffa9ff8ceabe1d8b1e5fdd49d6aaa834838fca252a329c528b7d

  • SHA512

    3a55d37a7cfdfd81114a616886ceca5ecee582d21c7c4d1767fdad1bccb12ecfde5db077d77c11e3930e4903aca8372d9e0543483ab7c83b947d69f5c03b29db

  • SSDEEP

    768:Kf1K2exg2kBwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZsBGGp/YIm7wm0Upad:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XB

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7d495052aac7e42df01f5a6cb0a24930N.exe
    "C:\Users\Admin\AppData\Local\Temp\7d495052aac7e42df01f5a6cb0a24930N.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4752
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3084

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hurok.exe
    Filesize

    39KB

    MD5

    42431181456c66589b0fe0d408aa74c9

    SHA1

    12527c07aad3308222b17808bb7daabb4baa673c

    SHA256

    5821819cb2632c7b8af956e8ef46414324d21dbf9d5b56c2d60b98602b752605

    SHA512

    2ffbb51d5e08b86143456d70ebf459d2051bfbf686d77a69ef8cc79f4cb90ce2a5c388ebcd2426f0fe903ac0939de4c3f711a0d7103e9416d850f8e43e4d0eb0

    Download Submit
  • memory/3084-25-0x00000000020C0000-0x00000000020C6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/4752-0-0x00000000005F0000-0x00000000005F6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/4752-1-0x00000000005F0000-0x00000000005F6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/4752-2-0x0000000000400000-0x0000000000406000-memory.dmp
    Filesize

    24KB

    Download