Overview

overview

7

Static

static

3

4e068dc4a3...49.exe

windows7-x64

7

4e068dc4a3...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-09-2024 01:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4e068dc4a32148b532e213e5ed0dfae83a6020d6554be4ff65b31d4b2b478649.exe

  • Size

    16KB

  • MD5

    b04928d3c9ac3abaf0ff7cbeb6be9399

  • SHA1

    c3c85f5e37c370ea8b5d3cdfd6aea399b1a4fc0b

  • SHA256

    4e068dc4a32148b532e213e5ed0dfae83a6020d6554be4ff65b31d4b2b478649

  • SHA512

    697c5df22d5f9b62e8f1423b489520bbe3dad534364dfd46f570480568a85f4f7c33d784c67a051b40024410a20ebdb17e00a3876ea09ba80cbb7386d5e86e08

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYlR:hDXWipuE+K3/SSHgxmlR

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e068dc4a32148b532e213e5ed0dfae83a6020d6554be4ff65b31d4b2b478649.exe
    "C:\Users\Admin\AppData\Local\Temp\4e068dc4a32148b532e213e5ed0dfae83a6020d6554be4ff65b31d4b2b478649.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1256
    • C:\Users\Admin\AppData\Local\Temp\DEM859B.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM859B.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4192
      • C:\Users\Admin\AppData\Local\Temp\DEMDCC3.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMDCC3.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2448
        • C:\Users\Admin\AppData\Local\Temp\DEM338E.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM338E.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1540
          • C:\Users\Admin\AppData\Local\Temp\DEM895F.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM895F.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1456
            • C:\Users\Admin\AppData\Local\Temp\DEME039.exe
              "C:\Users\Admin\AppData\Local\Temp\DEME039.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:3156
              • C:\Users\Admin\AppData\Local\Temp\DEM359D.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM359D.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:2448

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM338E.exe
    Filesize

    16KB

    MD5

    faca1cab83911e786ac9e24f26854b69

    SHA1

    326163cc49fa279df6f6cb0827e4d88573a9675a

    SHA256

    c8e68bf0c0b7ad72cae207a5ffae80f3622ba7085fb8a31e340477f7a9527dcf

    SHA512

    6c6b861ebfecd02d6800a66653d2c374eca2859980be867c24eda8e337a47c1eb4e44e708bb317d5365cce7b33838a13ea4acfdf5acfde1a336342e703ed59e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM359D.exe
    Filesize

    16KB

    MD5

    25cde0dba7db5b3def753defc439536e

    SHA1

    6aea2fc7cf4987ca2cc6ddd564e245ccf77feabc

    SHA256

    3832cb209e565fd00b23fa2b2d95386c89dc54a96f3745760ad0e7f6e20d874b

    SHA512

    1f6d358d712d213f9db7a670690a7aec2bff479176848ac4377bcf43f1e6cdb8defb3530cd0fc6b7b16c3c5afcd1abe40d4e2c8a2906d5fa7aa8a468a8eba903

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM859B.exe
    Filesize

    16KB

    MD5

    3ce153ea21777ba92c40be2c143f112a

    SHA1

    e9bd54208587fd3887e79451dacda5a25ef9c113

    SHA256

    395e218bf69b84b5eb5c42b94be234c373e2ac67813d19dfad8ccfbeb9a54c6c

    SHA512

    fa281cfcd56411a0c06adf2e6a20dda0b4efba4815add6c074751497caee7560de498358a23687e0cf5da4395992389f0db6af579d1d087aa449975474d48bea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM895F.exe
    Filesize

    16KB

    MD5

    bae970114ad5cd279215236123cf0daf

    SHA1

    5e0cbc095f98d2ad8b4e8e8af0ef1cd1ef13cf27

    SHA256

    8add7486ed1b48eb81d37bb702ccabbf670f34ee30c0dafa7d90ffafef1277bb

    SHA512

    b8a4f3a3f3db6b0a4394e0907eb1474402460b9c0f46b08e2e6e6b0e151e36ed535aa0cae2b9425ec16f16c7e72caf1542dc24ca5e7dfe159b0f9921e588b8c2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMDCC3.exe
    Filesize

    16KB

    MD5

    640c01e97fb4c042020c55c010a5d1b5

    SHA1

    eaa3606196e97d1427fb5eef5d6edd7f7ad16f70

    SHA256

    e720b5cc38bafc5e05c732532e64434c0b850c90916b393c9b00d393bd025a4a

    SHA512

    488c281a6bd10d27e61ce2f7ed49f57d063bba33e2634583f690e09e34e0346de9d46f5c612cac80e503a7d356f2aecff1149285a55ab90e5a92df8b9614262c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEME039.exe
    Filesize

    16KB

    MD5

    d044c2455a5d5e2e8317fc7b1f395296

    SHA1

    e06c2913e1a1c033f8d8b41bc469974d74383dab

    SHA256

    a24d76bc19984a49e002b7f820b4733105696cac4945e735efb721da9e49c797

    SHA512

    c4a56afed2d4340c31259b7c5e105ea99856ad5439c78f01d68f0a6a8d79271b39d99bde1a7ce64a07ceee3a8d3a8bab571cc3be598e1a55c4ec703686e36518

    Download Submit