Overview

overview

7

Static

static

3

5fef71a315...0N.exe

windows7-x64

7

5fef71a315...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    108s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2024, 01:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5fef71a315e7337c44fb023335c3f735d65bf1ddb08228031388eca1dfa9f480N.exe

  • Size

    30KB

  • MD5

    b71eb70874c0c4eb3363b39b373c7f40

  • SHA1

    234bb2d486bd74218a9604f4c92f1625e07c12d3

  • SHA256

    5fef71a315e7337c44fb023335c3f735d65bf1ddb08228031388eca1dfa9f480

  • SHA512

    f635bd4abe1e95008af0b2ecdb1f9d0ec0888e4c67e910bb95f367992070f1e531d5c217d5e33103f42b07abee14e65d9e118c735ccaa553f7a568eb662cdad6

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBjb1o:X6QFElP6n+gJQMOtEvwDpjBn+

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5fef71a315e7337c44fb023335c3f735d65bf1ddb08228031388eca1dfa9f480N.exe
    "C:\Users\Admin\AppData\Local\Temp\5fef71a315e7337c44fb023335c3f735d65bf1ddb08228031388eca1dfa9f480N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2572

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          30KB

          MD5

          0be888949155f19763e32f9b4fe09578

          SHA1

          3e115f565331f4868ed45adf8c1b8e29a08c78b4

          SHA256

          ffc05f9aa8dce84f6f97bdf01889f536dea311ee505166459d48c5ff4db188d5

          SHA512

          02b8ddfc52bb822acf9c43a9a0e1e3c16b99a236da0a0e1b24b55e3fda280313be6a4c97d4f343b7d92c6275212efba641d61e684b0b1db929935d97f80ea221

          Download Submit

        • memory/2092-1-0x0000000000490000-0x0000000000496000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2092-8-0x0000000000440000-0x0000000000446000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2092-0-0x0000000000440000-0x0000000000446000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2572-15-0x00000000002C0000-0x00000000002C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2572-16-0x0000000000380000-0x0000000000386000-memory.dmp

          Filesize

          24KB

          Download