Overview

overview

7

Static

static

3

e3768331e9...0N.exe

windows7-x64

7

e3768331e9...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/08/2024, 11:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e3768331e9d8f9ee0fc6893999aae990N.exe

  • Size

    62KB

  • MD5

    e3768331e9d8f9ee0fc6893999aae990

  • SHA1

    0f1f63ec2d1d3adf8eb514e958193425335b5175

  • SHA256

    64aa5a3358b9dc367467e8e13610f78607d88d3de11195e166ffb94949176b31

  • SHA512

    876aff42257c1374c7d739838d028fcd53018e28a82b6f7f627d4e14a4cc607799c44d2d44f03213ca6a8eeb316f80f064648a1344d40e0d8638a64c7c82aab5

  • SSDEEP

    768:9bxR3Jqm8ip1b9J6HiH0os90v4IBnI7+faIT0CA0+ZeCqT/EYeF344524444/lCi:dbzPzbqms0I7STe1ATMYeFN6lCwGxWw6

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e3768331e9d8f9ee0fc6893999aae990N.exe
    "C:\Users\Admin\AppData\Local\Temp\e3768331e9d8f9ee0fc6893999aae990N.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:552
    • C:\Users\Admin\AppData\Local\Temp\conwur.exe
      "C:\Users\Admin\AppData\Local\Temp\conwur.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\conwur.exe
    Filesize

    62KB

    MD5

    c2f85a0eab9f0a59d383c44211beda5b

    SHA1

    1de2649293490ae48d05b00d642a24d8cbcb7999

    SHA256

    ffb94033db256be56ff727b7a871e812ec2e189d8564db3ca41cec65238e1710

    SHA512

    38d04d512586654c8f109f8d9bde35c030ed1be9e0bdeac8378eb19091d270ad59acfc8d9011d15563e000236bc3180f49e22dda448f546d3b9813f61627ad29

    Download Submit

  • memory/552-0-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/552-1-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/552-3-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download