Analysis

  • max time kernel
    115s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-10-2024 07:28

General

  • Target

    a7356edf0a0c0a2b003ade063ff5d8817c9d73fc3a7b4f4605f03d44cfd602fcN.exe

  • Size

    55KB

  • MD5

    7d38e6e8b44aac1d4e7a3eb659837520

  • SHA1

    5a7c139618c8eb4ceb1e897a9e41b5cafceaf465

  • SHA256

    a7356edf0a0c0a2b003ade063ff5d8817c9d73fc3a7b4f4605f03d44cfd602fc

  • SHA512

    ae76d28657016ef48aad993ba53ee34a1ccba6f9c8af70ad9b458b3e877b828015ec8f8fd3585b25a579d4cf1aaf5c9e3c9e28b5b6fcf133b67afc4439a6e78b

  • SSDEEP

    768:l7kOpEBhA/vMHTi9bDIS+FPPPPrnMXOFc8pnD+orPPPPP:dkOpvnYi9boMXOFcMD+o

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 25 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7356edf0a0c0a2b003ade063ff5d8817c9d73fc3a7b4f4605f03d44cfd602fcN.exe
    "C:\Users\Admin\AppData\Local\Temp\a7356edf0a0c0a2b003ade063ff5d8817c9d73fc3a7b4f4605f03d44cfd602fcN.exe"
    1⤵
    • Checks computer location settings
    • Drops startup file
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4056
    • C:\Windows\OneDrive.exe
      "C:\Windows\OneDrive.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:3044
    • C:\Windows\SysWOW64\attrib.exe
      attrib +h +r +s "C:\Windows\OneDrive.exe"
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Views/modifies file attributes
      PID:4996
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3956,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=3988 /prefetch:8
    1⤵
      PID:1416

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk

      Filesize

      1KB

      MD5

      535e7af4a92452eb36030af919f5452d

      SHA1

      8a2df10da262e9a8c14dc2dc45e601e65032b23a

      SHA256

      9790bc54c3927b25c28376f55851c54111af19a0019758ccf3b74c986a5989ac

      SHA512

      678fb1c9fbf575e54827d2872aea768257331c13d862b8f60253f7329a5d41df70bea2409ad5ff4acd4ab117ee82ebb515b0b2ff48fc776beab8398c2d0d4189

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.lnk

      Filesize

      1KB

      MD5

      c42ac0abd4dc7de84037ac38260e8d3d

      SHA1

      d7e4d0b8d8cdcc5ed6cd0791604a98b682dd466c

      SHA256

      83028a556c575d7b1eaaf295927233a4e191a79d406a6fec4bfcec9cfe4ec887

      SHA512

      bd5b1cc781747c03665cebcc38ef7ebed67e431f93220863d5e0b5392676b270b16fa2473c9d7645daca33d1f746935d92dd4aaa2c2927796147816c3d132e5e

    • C:\Windows\OneDrive.exe

      Filesize

      55KB

      MD5

      7d38e6e8b44aac1d4e7a3eb659837520

      SHA1

      5a7c139618c8eb4ceb1e897a9e41b5cafceaf465

      SHA256

      a7356edf0a0c0a2b003ade063ff5d8817c9d73fc3a7b4f4605f03d44cfd602fc

      SHA512

      ae76d28657016ef48aad993ba53ee34a1ccba6f9c8af70ad9b458b3e877b828015ec8f8fd3585b25a579d4cf1aaf5c9e3c9e28b5b6fcf133b67afc4439a6e78b

    • memory/3044-17-0x0000000074950000-0x0000000074F01000-memory.dmp

      Filesize

      5.7MB

    • memory/3044-22-0x0000000074950000-0x0000000074F01000-memory.dmp

      Filesize

      5.7MB

    • memory/3044-23-0x0000000074950000-0x0000000074F01000-memory.dmp

      Filesize

      5.7MB

    • memory/4056-0-0x0000000074952000-0x0000000074953000-memory.dmp

      Filesize

      4KB

    • memory/4056-1-0x0000000074950000-0x0000000074F01000-memory.dmp

      Filesize

      5.7MB

    • memory/4056-2-0x0000000074950000-0x0000000074F01000-memory.dmp

      Filesize

      5.7MB

    • memory/4056-5-0x0000000074952000-0x0000000074953000-memory.dmp

      Filesize

      4KB

    • memory/4056-6-0x0000000074950000-0x0000000074F01000-memory.dmp

      Filesize

      5.7MB

    • memory/4056-16-0x0000000074950000-0x0000000074F01000-memory.dmp

      Filesize

      5.7MB