Analysis

  • max time kernel
    110s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/11/2024, 06:49

General

  • Target

    feac0e1e2585b43e726ceea6c6f558d01e4ae8d236e00d328915392dddbed388.exe

  • Size

    16KB

  • MD5

    c6c4a0eec4fd1bb3c516ba553c4bfaa5

  • SHA1

    59f9ec19a4f3ea832aa9af2ff8f78752c504de7b

  • SHA256

    feac0e1e2585b43e726ceea6c6f558d01e4ae8d236e00d328915392dddbed388

  • SHA512

    fe43c5e3b55b6e0563b715b4a223a2796c02ea1f3225e90f6e0d3abea0b81bdcd8191a55674557ecf87b0374e59b93a205339ea511fe531ddb7ed3c873be789b

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhD8Zn:hDXWipuE+K3/SSHgxt6n

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\feac0e1e2585b43e726ceea6c6f558d01e4ae8d236e00d328915392dddbed388.exe
    "C:\Users\Admin\AppData\Local\Temp\feac0e1e2585b43e726ceea6c6f558d01e4ae8d236e00d328915392dddbed388.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3472
    • C:\Users\Admin\AppData\Local\Temp\DEM74A3.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM74A3.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2520
      • C:\Users\Admin\AppData\Local\Temp\DEMCB3F.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMCB3F.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:5044
        • C:\Users\Admin\AppData\Local\Temp\DEM215E.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM215E.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4420
          • C:\Users\Admin\AppData\Local\Temp\DEM776D.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM776D.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4936
            • C:\Users\Admin\AppData\Local\Temp\DEMCD5D.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMCD5D.exe"
              6⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:2560

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM215E.exe

    Filesize

    16KB

    MD5

    0e59a325fd947aa93e3420940fdf5b2f

    SHA1

    3c5e764e73fe1ee441ddfabbca5eba34d95d3985

    SHA256

    3af74311f350932443edf1e4010398af803106be978e1a51d8f3e985c29099db

    SHA512

    a2f1abec8db917d443fe9332954e15b2e7dc3771f490be40f34c5dd793b81471ff6b717a6138539845a745bfe9db77547c5ed6efdf78fc1f919102001dd51a2b

  • C:\Users\Admin\AppData\Local\Temp\DEM74A3.exe

    Filesize

    16KB

    MD5

    321c353815037a42addc54d7ba211cac

    SHA1

    45ffca1e3f89d8b26c75162683107616b1c751d1

    SHA256

    ddd0d371efe2c73ad8b2409d6c679a1f1dc3add30b35b71e4d1e9e3d7ac35acd

    SHA512

    ba09cb0cd731fda23767ebd5068ed607773705e717adbe34fc4310a87bad8ae34daa035c81866543f32f39d4dfc93172498a71840b65e561908ce16056873703

  • C:\Users\Admin\AppData\Local\Temp\DEM776D.exe

    Filesize

    16KB

    MD5

    ba0f6a6e7744fbc0282916bb120c7739

    SHA1

    6158a63896373d44f79dcf430dfa8e4f7d86c018

    SHA256

    29759824b285b70e52698f7cee779076df87e73aac37d3ca70756037946e14fb

    SHA512

    b44fc65d0077cbddf608e3ce5f001649d90e8d686e25851d85e646ee0ac3b7d7da20f170f7f9374805cd68277aff065b8f9e7075751d3cfccb1a4eb760e2a42d

  • C:\Users\Admin\AppData\Local\Temp\DEMCB3F.exe

    Filesize

    16KB

    MD5

    fc2c6f677b6e74144c6bbfd9293d0997

    SHA1

    5257ee0edb2af52fa1ea70054b4fc74dc1e93734

    SHA256

    02207d9fff2aa8190721e8c02449e1b3afbc988e8e39c98fa890feb6a091a8bb

    SHA512

    c44406b7d26edaec3063befaa371cb327bfdbe86bf0fb76fde048e13bb3fc20042bbbb3abba52ad008915a91518028727b14632725b629c9f744def30bb019c4

  • C:\Users\Admin\AppData\Local\Temp\DEMCD5D.exe

    Filesize

    16KB

    MD5

    8a681363479548efca756e1f802b89a9

    SHA1

    337fcd44277719bc399eab6deff4facdb20d2f40

    SHA256

    9808890bb41ca4b6b365bdefa39adad14c15abe4b981e786b371141126d373c7

    SHA512

    1b3c9710f377a20b92b44ac3f4b8422d5f246af84c9c28bdbb7f2dec81a20ee6986f279eb6bf27b56e98b0724c0a0d5d546fd8d4cba579b7706f7bf2784b8e3d