Overview

overview

10

Static

static

10

e02ed5061c...6N.exe

windows7-x64

7

e02ed5061c...6N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    115s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-10-2024 16:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e02ed5061cdec08c9e33981f0d75819fc74caba852a830679e6e96e913ca8306N.exe

  • Size

    483KB

  • MD5

    4407e9b5c2822d8df76aeaebe6cc8510

  • SHA1

    688fc138a465035489078457c60b982c2814dced

  • SHA256

    e02ed5061cdec08c9e33981f0d75819fc74caba852a830679e6e96e913ca8306

  • SHA512

    5d1b8d2c71906d73425a22b6edc5e9db7d862109f568ca23d43751ca4e0582c673c58d6f5ced0e444bc81655c66d1fbb7a30bb8a5608a8a776530e3304abf531

  • SSDEEP

    6144:rXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZ5AXIcN35Gv:rX7tPMK8ctGe4Dzl4h2QnuPs/Z5qcv

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e02ed5061cdec08c9e33981f0d75819fc74caba852a830679e6e96e913ca8306N.exe
    "C:\Users\Admin\AppData\Local\Temp\e02ed5061cdec08c9e33981f0d75819fc74caba852a830679e6e96e913ca8306N.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1124
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\wfscznyafkcepyhirsuai.vbs"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\remcos\registros.dat
    Filesize

    144B

    MD5

    5828886c3c898da95da2559edcf47a12

    SHA1

    a158689316b2e4afab06b8e745c7a7d188dc9756

    SHA256

    e53c3ac8267c8713452725dae318c328fc152f22d82503792d2a9dcd7d4fcf68

    SHA512

    b77baa60eb8b183b4013f660a3916c6211003099e1beb25b33308e2ad59e37e1d332ae62f7aa5e2b0f35e86828d1fd3cee5c6e9acb967b26bf9179de51867548

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wfscznyafkcepyhirsuai.vbs
    Filesize

    732B

    MD5

    e37ca967a6c6fd157b186dc90f7352b1

    SHA1

    47f5341389e7b4e15bfa7540f7a9846d81fea0bd

    SHA256

    ab8df3c1c054b81de732d70791fddc8220811004bdbf022734480d03aa4d54c5

    SHA512

    87df7bf8fb14b2d74bf0d3501d83b38f66e56616e776e605e744de3ba29ae1f6610edcefcf3840cf811fbfab8cc345944168b41a62a48ae895ded34d58578551

    Download Submit