Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-11-2024 01:40

General

  • Target

    eb3b563b8cc82f30b01b08edbd1d5b64dc468ab2680dcbf718fc63a2fe628910N.exe

  • Size

    37KB

  • MD5

    a057e03b494fad24de1748180e68e720

  • SHA1

    5b3d46ebc0e789bdb4cf471883e9c192a65580c6

  • SHA256

    eb3b563b8cc82f30b01b08edbd1d5b64dc468ab2680dcbf718fc63a2fe628910

  • SHA512

    d144b2f319bdb3c267ab8b68dc93c00cdcb4d41894b7f1f838da2d584c19c3938f353151b600b2e98dcbd38b02827b04f7ab05c1a49b571f387a1ef92aa62139

  • SSDEEP

    768:Q3NXvkkRfDjHXRrs9sINeZEtejlIkoLN127BFVn2p4lAnZ8Oo+xNPDbRdvid6eex:EdbjXRrs9sINeZEtejlIkoLN127BFVn0

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eb3b563b8cc82f30b01b08edbd1d5b64dc468ab2680dcbf718fc63a2fe628910N.exe
    "C:\Users\Admin\AppData\Local\Temp\eb3b563b8cc82f30b01b08edbd1d5b64dc468ab2680dcbf718fc63a2fe628910N.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Users\Admin\AppData\Local\Temp\realupdater.exe
      "C:\Users\Admin\AppData\Local\Temp\realupdater.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\realupdater.exe

    Filesize

    38KB

    MD5

    ace23b26499e51b0741c2dec3a0e6d7c

    SHA1

    07d6351ee256cd86ebc3fba456daba77ee024eae

    SHA256

    726135d6bb9c16a6d027c10c108d46bd543a47770f8c7646229421541826164d

    SHA512

    13047d975427f77875572d26f6b90cf96b50e979210be910071c04da9ac065aae5abf46544340ab15ebe2998906f8e0af44b31bd2ee31c4b98ce2ac87db02396

  • memory/2928-0-0x0000000000FC1000-0x0000000000FC3000-memory.dmp

    Filesize

    8KB

  • memory/3308-9-0x0000000000A21000-0x0000000000A23000-memory.dmp

    Filesize

    8KB