Overview

overview

7

Static

static

3

05133444b1...0N.exe

windows7-x64

7

05133444b1...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 21:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05133444b144f399065c9671c28460a0N.exe

  • Size

    9KB

  • MD5

    05133444b144f399065c9671c28460a0

  • SHA1

    8a99210715a8a1672de889e693bd15495ce2c307

  • SHA256

    60d9e8a83ea5de1aa8efe9a370fe55a1fff7d1aab1828235a5a0541f02ad91c7

  • SHA512

    a5ecc2f845cf524686131865a5b3303dee61b83b8b3396c235b8856793e690df21073d8a9eb3aa2966ff0b0942e967383338f6fa04999d5f651e73cc7743195d

  • SSDEEP

    96:xtFS2ay5lLjuHnnwR2UDCtHXAsZfk9aJ4wQs8wbSOf:xjpBKnwR27dk9y

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05133444b144f399065c9671c28460a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\05133444b144f399065c9671c28460a0N.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4616
    • C:\Users\Admin\AppData\Local\Temp\quip.exe
      "C:\Users\Admin\AppData\Local\Temp\quip.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\quip.exe
    Filesize

    9KB

    MD5

    12015d9f098cb1f1c5562f0ef540c520

    SHA1

    44c82cdd167cfdd3ddf0d327bb58051e0ef46845

    SHA256

    dde9611724679ae8259ecedfe4e3cd4a2aad88ffa86d431dfbc55b31ebbb0035

    SHA512

    9ab814b9b25cc70ee584d6fb3212083a6fa476124209eae396bea71e4d01f2f40dab18ebd16a5901549448d0a68aa1cf0d8ea53630bbd83c698b77e7571e955a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wipet.exe
    Filesize

    114B

    MD5

    e89f75f918dbdcee28604d4e09dd71d7

    SHA1

    f9d9055e9878723a12063b47d4a1a5f58c3eb1e9

    SHA256

    6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

    SHA512

    8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

    Download Submit