Overview

overview

10

Static

static

3

c8bd5c9464...da.exe

windows7-x64

10

c8bd5c9464...da.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/11/2024, 18:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c8bd5c946433784b72d8d63a588ebcc68799a25370c69f91e48aab9889a68dda.exe

  • Size

    88KB

  • MD5

    5181195e5529775e9f4be4275635131d

  • SHA1

    b54a201097d3f37fbcf5aa2a38a8b898d952d13c

  • SHA256

    c8bd5c946433784b72d8d63a588ebcc68799a25370c69f91e48aab9889a68dda

  • SHA512

    082146632ff1d73d8e9b2afefced552a2c44c4acf0dd351d2c3db5303b5362aa2db6840126c75d947322592a5a10cfb05d5fc7586a58ebcfd2e6901ac1aef35c

  • SSDEEP

    1536:WxnFH+sKd/EsUzUVACD1LGLULKLdLaL7gW8ENVk4LyYaE:g5+7/EsUAtNVQVE

Score
10/10
discoveryevasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 49 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c8bd5c946433784b72d8d63a588ebcc68799a25370c69f91e48aab9889a68dda.exe
    "C:\Users\Admin\AppData\Local\Temp\c8bd5c946433784b72d8d63a588ebcc68799a25370c69f91e48aab9889a68dda.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Users\Admin\zoeebir.exe
      "C:\Users\Admin\zoeebir.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2292

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\zoeebir.exe
    Filesize

    88KB

    MD5

    66b10329a86754093f6b23289ef62ab3

    SHA1

    6f3148a0e4609806334c1e77c9c6453ab5ded758

    SHA256

    717d3cdda378e13086db01b8b41fde097c5026abf809eaef8160983f14a0eec0

    SHA512

    5428c76b62ab60f29b4ab11544ae4c951e72a74b8a2e9aa7ea6adde6be2fe1a01ebab0deff3e75fb33ea526fdb3789ede534f10d7ce5f5980ef37c950602240e

    Download Submit