Analysis

  • max time kernel
    150s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/09/2024, 21:47

General

  • Target

    567175bc7d33618e9bbe5992b266dae2fc2aaa3070e6e956290c50e75c32ac57.exe

  • Size

    196KB

  • MD5

    16a34d504b0437b2c64dc84c3d4b9eaa

  • SHA1

    bda2256990b185ebf0991a4ae8d03a15e8277c64

  • SHA256

    567175bc7d33618e9bbe5992b266dae2fc2aaa3070e6e956290c50e75c32ac57

  • SHA512

    1013270f20d8156d256dacf83c158ab080b0bc76b73dbb8a36d1f0c59278895d9c9598f38edc028141e4a2c9dc454536c8b47bc432b9c6a1af8bc0eb90ba5c20

  • SSDEEP

    3072:Aystb0tQ9nLHbB9WJvA7DejJuKvEhfmHn8:y4QxL7B9WSvejJuB+8

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\567175bc7d33618e9bbe5992b266dae2fc2aaa3070e6e956290c50e75c32ac57.exe
    "C:\Users\Admin\AppData\Local\Temp\567175bc7d33618e9bbe5992b266dae2fc2aaa3070e6e956290c50e75c32ac57.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3284
    • C:\Users\Admin\kuiuha.exe
      "C:\Users\Admin\kuiuha.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3496
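The behavioural chain the signatures and process tree above describe (an EXE dropped directly under the user profile root, a Run value pointing at it, the drop then executed, plus the Explorer hidden-file tweak) written as a detection over Sysmon-style events. This is an added example, not part of the sandbox report or its tooling. The event records are constructed from the process tree above and use simplified field names; the registry paths under HKCU (...\CurrentVersion\Run, ...\Explorer\Advanced\Hidden) and the SID prefix are assumptions, since the report does not name the exact values its signatures matched.

```python
"""Detect the drop -> Run key -> execute chain from Sysmon-style events.

Added example; not part of the sandbox report.  Registry paths are assumed
(the report does not list the exact values its signatures matched).
"""
import re
from collections import defaultdict

# Assumed registry locations behind the report's signatures.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
EXPLORER_HIDDEN = re.compile(r"\\Explorer\\Advanced\\(Hidden|ShowSuperHidden|HideFileExt)$", re.I)
# Drop location seen in the report: an EXE directly under the user profile root.
PROFILE_ROOT_EXE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\[^\\]+\.exe$", re.I)

DROPPER = r"C:\Users\Admin\AppData\Local\Temp\567175bc7d33618e9bbe5992b266dae2fc2aaa3070e6e956290c50e75c32ac57.exe"
DROPPED = r"C:\Users\Admin\kuiuha.exe"
HKCU = r"HKU\S-1-5-21-1000"  # constructed SID prefix, in the form Sysmon logs it

# Constructed events modelled on the process tree above.  Simplified Sysmon
# fields: id 1 = ProcessCreate, 11 = FileCreate, 13 = RegistryEvent (value set).
EVENTS = [
    {"id": 1, "pid": 3284, "ppid": 4000, "image": DROPPER},
    {"id": 13, "pid": 3284, "target": HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000002)"},
    {"id": 11, "pid": 3284, "target": DROPPED},
    {"id": 13, "pid": 3284, "target": HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Run\kuiuha", "details": DROPPED},
    {"id": 1, "pid": 3496, "ppid": 3284, "image": DROPPED},
    {"id": 13, "pid": 3496, "target": HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Run\kuiuha", "details": DROPPED},
    # Benign noise: an installer under Program Files that also registers a Run value.
    {"id": 11, "pid": 5000, "target": r"C:\Program Files\Vendor\app.exe"},
    {"id": 13, "pid": 5000, "target": HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Run\Vendor",
     "details": r"C:\Program Files\Vendor\app.exe"},
]


def analyse(events):
    """Map each event to a signature name; returns a list of finding dicts."""
    findings = []
    dropped = {}  # lower-cased path of a profile-root EXE -> pid that wrote it
    for ev in events:
        if ev["id"] == 11 and PROFILE_ROOT_EXE.match(ev["target"]):
            dropped[ev["target"].lower()] = ev["pid"]
            findings.append({"pid": ev["pid"], "sig": "drop_exe_profile_root", "detail": ev["target"]})
        elif ev["id"] == 13 and RUN_KEY.search(ev["target"]):
            findings.append({"pid": ev["pid"], "sig": "run_key_persistence", "detail": ev["details"]})
        elif ev["id"] == 13 and EXPLORER_HIDDEN.search(ev["target"]):
            findings.append({"pid": ev["pid"], "sig": "explorer_hidden_files", "detail": ev["target"]})
        elif ev["id"] == 1 and ev["image"].lower() in dropped:
            # Attribute to the writer of the file, not the parent pid: after a
            # reboot the Run value relaunches the drop under explorer.exe instead.
            findings.append({"pid": ev["pid"], "sig": "executes_dropped_exe", "detail": ev["image"],
                             "dropper": dropped[ev["image"].lower()]})
    return findings


def dropper_chains(events):
    """Return {dropper_pid: [child_pids]} for processes that dropped an EXE into
    the profile root, registered it under Run, and saw that file executed."""
    sigs = defaultdict(set)
    children = defaultdict(list)
    for f in analyse(events):
        sigs[f["pid"]].add(f["sig"])
        if f["sig"] == "executes_dropped_exe":
            children[f["dropper"]].append(f["pid"])
    required = {"drop_exe_profile_root", "run_key_persistence"}
    return {pid: kids for pid, kids in children.items() if required <= sigs[pid]}


if __name__ == "__main__":
    for f in analyse(EVENTS):
        print(f"pid {f['pid']:>5}  {f['sig']:<24} {f['detail']}")
    print("dropper chains:", dropper_chains(EVENTS))
```

The vendor installer in the constructed events sets a Run value too and is correctly absent from the result: it neither drops into the profile root nor has its file launched, which is the discriminator that keeps the rule usable on real telemetry. The "Checks computer location settings" and "System Language Discovery" signatures are registry and API reads; Sysmon does not record registry reads, so they are not covered here and need API-tracing sandbox output or EDR telemetry instead.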

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\kuiuha.exe

          Filesize

          196KB

          MD5

          d583df191f8ee446fad1dfc09698ca4b

          SHA1

          7e394a7265eea5cb8a2a7c2fbc3123376161d531

          SHA256

          595e1e15b8c6bffd146ebcbfbfa60e46754989c843c00bea73e584bb20d763bf

          SHA512

          b924c53a11f900e228fbe9479889f798f514886030dbfdb1d146fceed052472dc96519b7f1cbee3ebf12acf8ac59edf3dc4f74f0d289fa96181728a67798391f