Overview

overview

10

Static

static

3

f81842f972...0N.exe

windows7-x64

10

f81842f972...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    103s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-08-2024 15:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f81842f9725cf1a1bb81bb0790c79320N.exe

  • Size

    281KB

  • MD5

    f81842f9725cf1a1bb81bb0790c79320

  • SHA1

    e1f7bf243b03bfbc56d3ec68a45e229976322869

  • SHA256

    87aacae4f59608d403306cc0dca5575540df07a2ab672097daf0ee920f79638f

  • SHA512

    aaf521da8c45bc88c281d6c3737c44c6a3d08f3b263db84747f18a145a289027bd0d95874da7cdd9cfe7cc4018c258d170afb245c739ec1b8b88b811abac5106

  • SSDEEP

    6144:boy5p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQ66fKkfK8:boSeGUA5YZazpXUmZhZ6SD8

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f81842f9725cf1a1bb81bb0790c79320N.exe
    "C:\Users\Admin\AppData\Local\Temp\f81842f9725cf1a1bb81bb0790c79320N.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1004
    • C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
      "C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3180
      • C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
        "C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
        3⤵
          PID:4348

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
      Filesize

      281KB

      MD5

      ae1243a587e9b55fe4e1c582ebae35dc

      SHA1

      35f0dccfaf10a12234578167cf663e73b4211558

      SHA256

      f1b90266e2e311dc91e4bdaa82891d691948a4ed4c9c05916832fcc270cd0c85

      SHA512

      39a0d72e715435b27b82248819b45464fba590f0111148d0f863e238a006dc85bafc5141c7b06b58c8b459c9f51e2483eda75510c0c1ba4e1eccfdde255844a5

      Download Submit

    • memory/1004-4-0x00000000750D2000-0x00000000750D3000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1004-5-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1004-21-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1004-0-0x00000000750D2000-0x00000000750D3000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1004-1-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1004-6-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1004-7-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1004-2-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1004-3-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3180-22-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3180-24-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3180-23-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3180-25-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3180-26-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3180-27-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3180-28-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3180-30-0x00000000750D0000-0x0000000075681000-memory.dmp

      Filesize

      5.7MB

      Download