Overview

overview

7

Static

static

3

22e724068b...ea.exe

windows7-x64

7

22e724068b...ea.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    111s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-11-2024 11:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22e724068bb8abac1701735bfa0c4880e537ef0c133e70b6c9206730dc9f6aea.exe

  • Size

    16KB

  • MD5

    b0e05181a30116cd1befa351b933e310

  • SHA1

    44519a4290f97ca5ce353226aa08317c55f7a82e

  • SHA256

    22e724068bb8abac1701735bfa0c4880e537ef0c133e70b6c9206730dc9f6aea

  • SHA512

    5ec47d852cd20b0c1d6cef7d0ada97e0f3d6a2432271e1ffc9cf4cd14facdb01f26e18cd6e6591f8f351e519456ef02c39d4fbed9bb1ee995abcaa10396883d2

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhZlDH:hDXWipuE+K3/SSHgx3lDH

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22e724068bb8abac1701735bfa0c4880e537ef0c133e70b6c9206730dc9f6aea.exe
    "C:\Users\Admin\AppData\Local\Temp\22e724068bb8abac1701735bfa0c4880e537ef0c133e70b6c9206730dc9f6aea.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Users\Admin\AppData\Local\Temp\DEM7D5E.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM7D5E.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4824
      • C:\Users\Admin\AppData\Local\Temp\DEMD4F3.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMD4F3.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3180
        • C:\Users\Admin\AppData\Local\Temp\DEM2BDD.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM2BDD.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4488
          • C:\Users\Admin\AppData\Local\Temp\DEM82B8.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM82B8.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2384
            • C:\Users\Admin\AppData\Local\Temp\DEMD934.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMD934.exe"
              6⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:4740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM2BDD.exe
    Filesize

    16KB

    MD5

    7d3c893caceba9dcf5b4e1d9beba3f7f

    SHA1

    7eee576ad350edc9e65a7048aa0435bf9dc789f2

    SHA256

    f4d9c0fc51d1b605a0dd83576342ea2d676e75d5af0888eb7df9172c4610df51

    SHA512

    c29edc13af6a1ca2acade1c09247a969d88360ab8d1c9458f9518d47029a48afc43170c017fb12427569b6a045296b6eb384567b0333a4e8741a6fe1a517d8e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM7D5E.exe
    Filesize

    16KB

    MD5

    072b7c89fbf29257663e860757ff6830

    SHA1

    484d4cae6a365622abd012f75facdc946b950bbf

    SHA256

    e092e0947245bcf2942d504584367f5ae50491d70ebf8c5db335ba4f551fa9af

    SHA512

    2d236734c6f7e2743b1a7e4c5587848947b9d481dc6cdcf96d793e81aa0050469d7be6f5924a8b2d71836bed288c1db01384886f67d2651e61ffeeeb4d0bdded

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM82B8.exe
    Filesize

    16KB

    MD5

    f269af8f9572efedd647f809e5de9318

    SHA1

    2f46f28dc1dbb14fce711d630d27bfe590bbd9bc

    SHA256

    2f9fc686aad970f925c5829a4430c0f3c9323f23e2e2dde9f4c0f0bbc8b90bbc

    SHA512

    e0bf9130709cf4565d9e68f0b634b3aa2d76a48303be4f26b9552919d967b774d897726119f71afc18378a83e6dd64e574aac0d00db32c755dbe4549fb4b8594

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMD4F3.exe
    Filesize

    16KB

    MD5

    840d8c667035c07d5b344e0c82a4d072

    SHA1

    74cef2ba23e34c1de045a4bde1e13b4f17520b04

    SHA256

    ee661c677b0835e780071384d7f7f5d3211b216204e5275e566260484060fac7

    SHA512

    fa96f6fc0bad5263d3a487f3e90dca2318d335b32fe83081f39d21a64f41b3f601ccc919ed340507582389527348ce3a665ccc0d089eac0cdc5af360ccd8077b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMD934.exe
    Filesize

    16KB

    MD5

    8e79610c1847d4817f7328e3e99db67d

    SHA1

    fb33216248f616dc23fd4a15b026fe24d59d93eb

    SHA256

    f7d4ec77ba0c1b92c4801c3c53440ecbc9e6d8cd1a88f4c355cc977b1935367a

    SHA512

    ac51b3d666549378cf4c64216149c3adfaf0a1296f5fcd4b0a4461e81ca74a827d15413f4b4f3f112d37595bb730e47c4af90615db307c7f61fb49c4ed33e0fe

    Download Submit