Overview

overview

10

Static

static

3

01527c7b4d...1d.exe

windows7-x64

7

01527c7b4d...1d.exe

windows10-2004-x64

7

043d28836f...9f.exe

windows7-x64

10

043d28836f...9f.exe

windows10-2004-x64

10

096fc162ed...c8.exe

windows7-x64

10

096fc162ed...c8.exe

windows10-2004-x64

10

setup_installer.exe

windows7-x64

10

setup_installer.exe

windows10-2004-x64

10

22160bff37...4c.exe

windows7-x64

3

22160bff37...4c.exe

windows10-2004-x64

3

258cbb13ac...bd.exe

windows7-x64

3

258cbb13ac...bd.exe

windows10-2004-x64

7

25d79c1a50...7f.exe

windows7-x64

3

25d79c1a50...7f.exe

windows10-2004-x64

7

2ca08c7f0f...3f.exe

windows7-x64

3

2ca08c7f0f...3f.exe

windows10-2004-x64

3

500e7e5c00...44.exe

windows7-x64

10

500e7e5c00...44.exe

windows10-2004-x64

10

setup_installer.exe

windows7-x64

10

setup_installer.exe

windows10-2004-x64

10

5564c44275...a2.exe

windows7-x64

10

5564c44275...a2.exe

windows10-2004-x64

10

5cb26af890...00.exe

windows7-x64

3

5cb26af890...00.exe

windows10-2004-x64

3

775338ae18...e4.exe

windows7-x64

10

775338ae18...e4.exe

windows10-2004-x64

10

7dc7ca2414...84.exe

windows7-x64

3

7dc7ca2414...84.exe

windows10-2004-x64

3

809ed9e2d0...41.exe

windows7-x64

10

809ed9e2d0...41.exe

windows10-2004-x64

10

setup_installer.exe

windows7-x64

10

setup_installer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-11-2024 11:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01527c7b4dffc0803a58b1eda45308400edc796e707f0bab183e3278c3ec521d.exe

  • Size

    4.3MB

  • MD5

    70870cf28b7e34965164f88d013f1427

  • SHA1

    276d79157888ae8067a342ec8bd9ddf2df388154

  • SHA256

    01527c7b4dffc0803a58b1eda45308400edc796e707f0bab183e3278c3ec521d

  • SHA512

    11ff4fc1bc488a550130bac711fbc4d068239b5e9ea14ff93820eb9f064f869046b0bea108541947fb50e0ec0343a1f83526e59b143bf131200752c85e97f1cc

  • SSDEEP

    98304:SKqy05D3wOg94At1/VjIwPDwyaZHb2GTrbemwgfvJdPlCp4WV3:Sn5Dgt94AtJSw7wyaZRbem/Zc4Wd

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01527c7b4dffc0803a58b1eda45308400edc796e707f0bab183e3278c3ec521d.exe
    "C:\Users\Admin\AppData\Local\Temp\01527c7b4dffc0803a58b1eda45308400edc796e707f0bab183e3278c3ec521d.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4616
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4416

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe
    Filesize

    96KB

    MD5

    827ae659131c0058086d9b38bf378523

    SHA1

    0ffcbf3097f6c0487469f728d28622f28843ffff

    SHA256

    b645101f39b30453587d2cfbc674bc105c9dcb2195f7fda87fb7d3debac57b21

    SHA512

    c44b71e1e4ca4bf5ac6686ee0fd31768114d58c8afd5b1fc952a3af7dab3438a3309dca5ef8fe97ffb0a3b2525e5cd77692a0d031a9fb134b0721e5c99cfba07

    Download Submit