Overview

overview

7

Static

static

3

9c7177046d...ac.exe

windows7-x64

7

9c7177046d...ac.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/09/2024, 20:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9c7177046d7e6b34d3ca3d32838ffd3ae44cd178403c75e63854ee19ebd6adac.exe

  • Size

    13KB

  • MD5

    86627ddc553db23f8c3bc93b9d4e971d

  • SHA1

    5999b26bca673be82a8dca1968d2e033d97adf51

  • SHA256

    9c7177046d7e6b34d3ca3d32838ffd3ae44cd178403c75e63854ee19ebd6adac

  • SHA512

    4d01337fbe3338ee8fbeb2a3d32784782a2b2efad7811a4fe71f70cffb4c36281ff95441fe08d0e1d79d0afabff4b112af4a5714b4319eb3ef99630027fe82be

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhTJ:hDXWipuE+K3/SSHgxBJ

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c7177046d7e6b34d3ca3d32838ffd3ae44cd178403c75e63854ee19ebd6adac.exe
    "C:\Users\Admin\AppData\Local\Temp\9c7177046d7e6b34d3ca3d32838ffd3ae44cd178403c75e63854ee19ebd6adac.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Users\Admin\AppData\Local\Temp\DEM4513.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM4513.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1564
      • C:\Users\Admin\AppData\Local\Temp\DEM9CD7.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM9CD7.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3652
        • C:\Users\Admin\AppData\Local\Temp\DEMF3F0.exe
          "C:\Users\Admin\AppData\Local\Temp\DEMF3F0.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2356
          • C:\Users\Admin\AppData\Local\Temp\DEM4AF9.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM4AF9.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4520
            • C:\Users\Admin\AppData\Local\Temp\DEMA222.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMA222.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:3928
              • C:\Users\Admin\AppData\Local\Temp\DEMF94A.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMF94A.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:1896
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4100,i,4356837537417149674,16553092232944545509,262144 --variations-seed-version --mojo-platform-channel-handle=3928 /prefetch:8
    1⤵
      PID:3948

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\DEM4513.exe
            Filesize

            13KB

            MD5

            150b0a2120a8fc514b2dcdf883388e27

            SHA1

            eb8d142dda7c840d3169ec9e5542c23afbf474ed

            SHA256

            86c4cd8a365abfa5f8a4f68b6872b3afba80d1a5d14b1ed2b043084df0ae3b13

            SHA512

            f9b6f9843cbd375cf9451c1f49baaf29f3df42f44116d2988ba5aadabf5f09c5995e6119f5cadfca4ed74b040a22cd636adc4ba83a4d89394da6f7973df54a06

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\DEM4AF9.exe
            Filesize

            13KB

            MD5

            4273b59624dca0a79f515daf73d143d2

            SHA1

            007fc911cc44461e8480bf3746d4b510473e3c9f

            SHA256

            2589219e87594d69cc74afd22a9d0a0c0a0c5b9d65b5e173ee2321ab34c87a47

            SHA512

            6a03910a17a522dba7a19d1ce24e24eb19ebbfc140c505879e1982efd8477bb3db8e1254f674234b89d38d23b0691e453b233a455ceaf3526e12b2eee01b4afc

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\DEM9CD7.exe
            Filesize

            13KB

            MD5

            045f9e7229d8b2640c21715d5d8c5d5b

            SHA1

            010a1807729576c4b6ae254694085e9d84815c3a

            SHA256

            a587f2d2887995b6dbbab14b25ac9a42181aa34acb1483b16c43976f6372a597

            SHA512

            f476d4b20d00e22838fc3bcfadb7ffbd58cc5da14fb3c9c56f70681746d2d1f2e227a2dc1fea173300009ad0001dd1b3de1380a71977107f29f018cc647a90ab

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\DEMA222.exe
            Filesize

            13KB

            MD5

            9054d5700010662139dddc5260aacab6

            SHA1

            cae4cf7dc540babc2f97a344cf6faeb114f6e9aa

            SHA256

            0c9be706c448bf93aa05673720546e9bba360c2bbb1962352cb714d45e20974e

            SHA512

            357a0908ac6f2e134a36647dbce89bc8a333615c3d0fe981f75cd5cf614e6d2886f4b888dd537f5988806c31428fcd38018abedec4f77bec3e3f8a6e7d06dc3a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\DEMF3F0.exe
            Filesize

            13KB

            MD5

            a567ac4ce2c672d8d8d127d5d7c39d87

            SHA1

            d5f3b91f594a285052d7755d6951ea72888004e9

            SHA256

            96e7edc1f6b7f490849a861fbbc95bd7920f1bea5c9b50a9038e61556dfda9bd

            SHA512

            399b12b509f7564517fa855d00d57f346c02d62adb0720ea405aececd08fc3538b3dc76cb02dcfcd6dea6e5951eaa9e028451c538fbccd81b315fed8b643a8a8

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\DEMF94A.exe
            Filesize

            13KB

            MD5

            b7de0b85439b6112e125bb91e63028d2

            SHA1

            b662b7f3c30a4fbce780542298839701cf8ec23b

            SHA256

            ce73cb0ad8ff4030b14d4f9e14329d1480d938e93adaebe2be23485e6e45a235

            SHA512

            9b7d204be84f4e207f9f6a09e487abe64afc47bc7329526481415fc1f8d39b396e524c8606170b6af7faa0bc6885b889e80d286039a33ad2cc32121d7e82b551

            Download Submit