Overview

overview

7

Static

static

3

25f23205a3...2a.exe

windows7-x64

7

25f23205a3...2a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-08-2024 20:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    25f23205a396306168857698c897053866d7c93781b58a68881304a05ca42b2a.exe

  • Size

    21KB

  • MD5

    317e639a5d2fd614dc5a357b816499a0

  • SHA1

    f92c2da2f3861ec26890d3638af4dfd8ce73bdb0

  • SHA256

    25f23205a396306168857698c897053866d7c93781b58a68881304a05ca42b2a

  • SHA512

    bfe9ac390f3b5a7be587cff703ebd191e16fa0d3c315f3553135d9d00f4273ac0af967f277eeef4975fe20fc01099a1cba9cd97cd6a22516051c6cddfedc990f

  • SSDEEP

    192:RmHMqjoQewsETX0o1byouOlOx/+1qAGgYpVAdDWLkqQdAlPTCjmT:ReMigwsEo6Ze+N5Ypy6QdOd

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25f23205a396306168857698c897053866d7c93781b58a68881304a05ca42b2a.exe
    "C:\Users\Admin\AppData\Local\Temp\25f23205a396306168857698c897053866d7c93781b58a68881304a05ca42b2a.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Users\Admin\AppData\Local\Temp\erdou.exe
      "C:\Users\Admin\AppData\Local\Temp\erdou.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1624

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\erdou.exe
    Filesize

    21KB

    MD5

    fcf4b03a3f842e270a6a6d5ff36f0650

    SHA1

    2357f214752091e4ec9e53519a66721d281c3192

    SHA256

    d491be953da91469564546d8d5870a130125b63b7beeb49a8b5a06f8f54a3f22

    SHA512

    63e44f3ae1e8f56196ab15f70ce8e90b3e696f0d6ca9caeb1dc530632aed4972b9b4d6db27ed78f4d08d0ebfbdc750feb5945378ea9138c81bca82aae855f28f

    Download Submit

  • memory/1624-14-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2672-0-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2672-1-0x0000000000401000-0x0000000000403000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2672-13-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download