Overview

overview

10

Static

static

3

2fcc802e95...0N.exe

windows7-x64

10

2fcc802e95...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/09/2024, 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2fcc802e959c931ed8fb9ca55015ec40N.exe

  • Size

    504KB

  • MD5

    2fcc802e959c931ed8fb9ca55015ec40

  • SHA1

    2bd533e1df7f071893516b9827eb34e2fbac9e1a

  • SHA256

    424fd39a2a5876c541fcbb4231d3787c9bcca19538cd165cfd8f3f09c09f4b98

  • SHA512

    d7d06fd33fe76c3377cdc56044645ed100c49c7806cca90dafc4f35a86db9f32db6464aa30a8d44382906bd10ae8bd018060737f75fbaa7ca0295086e3de357f

  • SSDEEP

    6144:NABkEoTgcAwdsuxQUdj18MgLSxaZPTIfhhKfd/O1mTSK014pv3e4Y:6BG3AwdXmJO4hIJ29Oz14xe4Y

Score
10/10
discoveryevasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fcc802e959c931ed8fb9ca55015ec40N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fcc802e959c931ed8fb9ca55015ec40N.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Users\Admin\fiawu.exe
      "C:\Users\Admin\fiawu.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\fiawu.exe
    Filesize

    504KB

    MD5

    7d80b4833039ea4a01f34897eef7a082

    SHA1

    4e519e87fb17dc7a5de67fe16b86123ceafbaa1b

    SHA256

    082ff215a985f48115d429a20dbeb80a79ee8e89bba320f5233e2a47b34e2989

    SHA512

    106fe598aa93f45f670141af1b552d6a520f3c16be6a60859990ea4bc24e891e7a4ffb0a08a360b63b76dc21601cdb80a1f82e65d23033b139eb3b538b09e033

    Download Submit