Overview

overview

7

Static

static

3

1ffcb05047...3f.exe

windows7-x64

7

1ffcb05047...3f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/09/2024, 20:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ffcb050475ed7f540ac1e7b7b8cf939a4c309bb04a25110132c72d745b9103f.exe

  • Size

    20KB

  • MD5

    36c320163b4ef9a8988284092d193ab2

  • SHA1

    7b22bcef4a9f08ba923780ffef35fc5f0a49a66b

  • SHA256

    1ffcb050475ed7f540ac1e7b7b8cf939a4c309bb04a25110132c72d745b9103f

  • SHA512

    989f9c5212cad697e8661356963d3178f983b251c335e03c4600b0c91b89ef2dd272572adc5e12c66ab801e07f0959ae6a02ce745aef5335246d0e11fb6fb1c2

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYQMxQ:hDXWipuE+K3/SSHgxmHe

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ffcb050475ed7f540ac1e7b7b8cf939a4c309bb04a25110132c72d745b9103f.exe
    "C:\Users\Admin\AppData\Local\Temp\1ffcb050475ed7f540ac1e7b7b8cf939a4c309bb04a25110132c72d745b9103f.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4340
    • C:\Users\Admin\AppData\Local\Temp\DEM5C1A.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM5C1A.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4360
      • C:\Users\Admin\AppData\Local\Temp\DEMB2C5.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMB2C5.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2552
        • C:\Users\Admin\AppData\Local\Temp\DEM8D5.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM8D5.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3224
          • C:\Users\Admin\AppData\Local\Temp\DEM5ED4.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM5ED4.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4848
            • C:\Users\Admin\AppData\Local\Temp\DEMB4C4.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMB4C4.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1672
              • C:\Users\Admin\AppData\Local\Temp\DEMAC4.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMAC4.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:1760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM5C1A.exe
    Filesize

    20KB

    MD5

    8c589eb0fcdf80ed7785a8a9fd74704e

    SHA1

    5702f523678bcc2d823fe9e58a95c645482f4b8f

    SHA256

    c4e406d8b921843401b05160f651eb27f39570cb55ee20ab1ab1ed2073d48563

    SHA512

    622698191e271ed4eb06651814c41ee741602e9fb8e3ce54c20729868747de94b97d240865bd35115e84d15707611c0fb1a2fcc52f86869c60c074b584ff63e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM5ED4.exe
    Filesize

    20KB

    MD5

    6b8ecf65008f43f6d3b50082e845701a

    SHA1

    3cbef661d6c9fa917dcba44e9424a374bdd87644

    SHA256

    4832a19b7134762f5a2d5bd0260d7b48eea5b15b171e9319d3cb079e77422246

    SHA512

    117f9dd8afd2eb5c441da39daa97749ad64eca963ce8f3260bf27658086cb3b4212b2a1580795320136169d36e01069d610cd6658e2981308e58a7575aa40d54

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM8D5.exe
    Filesize

    20KB

    MD5

    68fe2bf5a1acfdc29c3a2f94ae6e5ea7

    SHA1

    1be0ad5a56d2f1c22fda634e3c8876408f58d2c1

    SHA256

    524f32a1141c8e62ccaa07e9e00ad00a6591014a4a8213a33d2c9a7ca108eb90

    SHA512

    d8030413f8caf40fdd933321fb0e7a471a0a201e8c656ec22f5e846e22dc68dc777617d9a7f80d04e859708a587728271a7479b9fe470afcab5f99b319b607c3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMAC4.exe
    Filesize

    20KB

    MD5

    1c36b2ffe20e238a100df7284c755463

    SHA1

    9ed5b46b0089f5920260750098a1ae010fa759e2

    SHA256

    427d47b879b11f7efe67e9da74fd0c8f4397f068f92995bf7bfe9bccd8ce80d0

    SHA512

    62003ae3bb571fbd65ef180a1d2dcfff89e0786a010fa2cc6aa5c3f5c51eb04bb7304ee832dc67322b33a8ea20e2c6bed4267d53c682fd7333de8bd7d2ba832c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB2C5.exe
    Filesize

    20KB

    MD5

    cafb340230cf3bf61a9c163605617f06

    SHA1

    f21b8d7b59222aa6efc73724b5d4018b3c011601

    SHA256

    1edad3f9a4d01cf50bcdd80fb2f7e66800b91ab56f7b04db5c112ca973f666cb

    SHA512

    1c0425add750bc6205220b37a01579caf2e6eb427a75e46b5311ddb29398e392c39dfcc83bfd649b6131a8ce22674ffc7356354e93fab504b6dca315218ba714

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB4C4.exe
    Filesize

    20KB

    MD5

    67a591fb3c31dfed278b19b0f054c839

    SHA1

    6d9195a5b9ce46a977eb15ec90f58378a5b53f86

    SHA256

    f3263a5e141f46eec356ed41ac726552cbb16b33aec852567dacad604243a834

    SHA512

    3b158438737935338538ff44f27312ce6e744561e9874119321df700ad109f83f8b1ee2b55ac9103664fc020e213fc2663beca46135497634efb699a3258509f

    Download Submit