Analysis

  • max time kernel: 112s
  • max time network: 123s
  • platform: windows10-2004_x64
  • resource: win10v2004-20241007-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 21-11-2024 11:40

General

  • Target: 58fdf276667f55425c147f77ce7d357f844128072d88f1fe0f5705fe2ad79d85.exe
  • Size: 20KB
  • MD5: fd01b96befef060da133465b23dab5ee
  • SHA1: 247f17ab86ec296e0d0b7a1d17060960fe82e8d4
  • SHA256: 58fdf276667f55425c147f77ce7d357f844128072d88f1fe0f5705fe2ad79d85
  • SHA512: 5f6ff87ac7d0b8acd5e131cac5f65268cbff0eb4ec9ad4bce59d0379ea942474eb2d7a6ac6c67f36f79eebf7a71684a3041000aa3063d29d681239729440d818
  • SSDEEP: 384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYQMx+L4113:hDXWipuE+K3/SSHgxmHZ19

Score: 7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 5 IoCs)

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE (4 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 6 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\58fdf276667f55425c147f77ce7d357f844128072d88f1fe0f5705fe2ad79d85.exe
    "C:\Users\Admin\AppData\Local\Temp\58fdf276667f55425c147f77ce7d357f844128072d88f1fe0f5705fe2ad79d85.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3564
    • C:\Users\Admin\AppData\Local\Temp\DEMC6BB.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMC6BB.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3252
      • C:\Users\Admin\AppData\Local\Temp\DEM1E80.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM1E80.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4892
        • C:\Users\Admin\AppData\Local\Temp\DEM75C7.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM75C7.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2344
          • C:\Users\Admin\AppData\Local\Temp\DEMCCB1.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMCCB1.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:2972
            • C:\Users\Admin\AppData\Local\Temp\DEM23DA.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM23DA.exe"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:2560

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM1E80.exe
    Filesize: 20KB
    MD5: 9229868159f3ba4b7c8f3492dfe17181
    SHA1: 8777a38c1f13d993bcd5b0b05b9ecc8814c2fd2d
    SHA256: 2eb90b1e209c73552dc7a793f3c668f3963c93e2365304f83866adcad038db08
    SHA512: e3b202d78eead74b7504378a7f741bba3d9895e300e2d2ebf6b922dfda3cd4832a559118def952d83873b39f942423d633a5733028c80225bdb8f2f775a5b00f

  • C:\Users\Admin\AppData\Local\Temp\DEM75C7.exe
    Filesize: 20KB
    MD5: 9782dfe4a9c48f589bd0a1db74f78ace
    SHA1: da89258f393c6f7c9310889cc64ba87e54b5f7c4
    SHA256: 14ae534c9104307018f88cf7e9bc9eb9cb5638bf5f767568a5f2536a817e1c29
    SHA512: 40a8aab044851ed17cea0e582178f9d4d9545a0403321e7675578e06f277cc77d82a8f8bb857ded2f47ca3208d1b975a631cb6c95b97b0e1abb0c2ae285928ad

  • C:\Users\Admin\AppData\Local\Temp\DEMC6BB.exe
    Filesize: 20KB
    MD5: a372b199f222137c815f05096f9d7816
    SHA1: 6c7e53533c79dba881985d4d1cd7936c29c35072
    SHA256: 2df8e30585fd4c24c2919438a892367fd986905d1ed14b5fb0ee6d6c876e1c5e
    SHA512: 2e21970393eac3369047edcb27b24aa824f9445dd456e4c38e47c6341bd6b1e026641559e5ab6d4b1a9aba42ec1c5bf1b2c8fe2c6425e0588a79701c78f05052

  • C:\Users\Admin\AppData\Local\Temp\DEMCCB1.exe
    Filesize: 20KB
    MD5: 85d65256066a2bd41e23fb21e73e20a2
    SHA1: 974b70c56e76b8419a3e04d3c53dace7d0d9e445
    SHA256: e78b5a186d3ed49b468c33d25b5a50668ecb99229327d65b6a36a55155b34375
    SHA512: a3f9c22dd85a092b2ed643120e247a6c2df0d72d07e0da51d61d53bbcc5315bffcca6fd1a931b7db2114883d88cbcf0e947a4d65e06590fa5274cf6e9df17a8c