Overview

overview

7

Static

static

3

ab5aff186e...0N.exe

windows7-x64

7

ab5aff186e...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    104s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-08-2024 03:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab5aff186e0f4474ccd63cf2ad7f7800N.exe

  • Size

    86KB

  • MD5

    ab5aff186e0f4474ccd63cf2ad7f7800

  • SHA1

    49d2350266e9d854ee026b42436f51f43a95669e

  • SHA256

    9cd7773c230f8e92d215ab0c9b97be67fc798769ff51debd201e32ddd3a58e8a

  • SHA512

    9479ea57c35e937c72ff0fd8925104626c2fa5b9d1cb51012743de2844fc1c3bd58939e355d1d70132368cfff0876473e9bcdda78e8669457123ddc25d9264ca

  • SSDEEP

    768:QYHfYErkXzFlB8hRWXZUdqXnzdPLqXbC5t+1l7dExNvlpH7X:9rkXjmXABTqXWt+1RdEbX

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab5aff186e0f4474ccd63cf2ad7f7800N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab5aff186e0f4474ccd63cf2ad7f7800N.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Users\Admin\AppData\Local\Temp\hummy.exe
      "C:\Users\Admin\AppData\Local\Temp\hummy.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hummy.exe
    Filesize

    86KB

    MD5

    f95993a5412ba24efda39ef80dba6ba9

    SHA1

    17665d155230de8eedff91c28c19b6de11661c4f

    SHA256

    96a9dc8804e1ab834e7cb270d39bd5198483c088dbf2f277936b31a73e729cd9

    SHA512

    ad7f8e4f810eacad44f294444427b6d0411269087e2ea84073ae769986239e0964579bcb77487a7bf321241d379aaea0a096b8be482f08d41d4bef9d3d42d286

    Download Submit

  • memory/2936-0-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2936-9-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download