Overview

overview

6

Static

static

3

fe62431c50...8N.exe

windows10-ltsc 2021-x64

6

Resubmissions

21-01-2025 17:40

250121-v8zm2swjck 6

21-01-2025 16:56

250121-vfsn2atpfl 10

Analysis

  • max time kernel
    15s
  • max time network
    18s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250113-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    21-01-2025 17:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe62431c50ad3f194cc5a51da58d0c1d8281ada4d910f51cb1df27f66a681ab8N.exe

  • Size

    280KB

  • MD5

    bace252b49b68a0099f8ecdda382b250

  • SHA1

    49c319ec9fdebe5e8d896a9825fe128bc6a29af9

  • SHA256

    fe62431c50ad3f194cc5a51da58d0c1d8281ada4d910f51cb1df27f66a681ab8

  • SHA512

    85b88f965fc2f4c4e9bdf34a6846d696f5759d99a8c64db3487d5e9afbfcb8494fd05751361feeed309ea8834526cf83130a535f446b8afac5de9bef111e5ea0

  • SSDEEP

    6144:boy5p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQ66f32:boSeGUA5YZazpXUmZhZ6f2

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe62431c50ad3f194cc5a51da58d0c1d8281ada4d910f51cb1df27f66a681ab8N.exe
    "C:\Users\Admin\AppData\Local\Temp\fe62431c50ad3f194cc5a51da58d0c1d8281ada4d910f51cb1df27f66a681ab8N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    PID:4412
    • C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
      "C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
      2⤵
        PID:3632

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe
      Filesize

      280KB

      MD5

      433c075d723956cf94f14395404709b8

      SHA1

      bfafdf4955a5efed9ef64b8aff7bce51517a1dc8

      SHA256

      f08393b1b474a10e142e3fe75caadd35690a4b806a94d37f9b92bea9308a6063

      SHA512

      826f20eeaa52dfc732b76b6dc63d069daed72c5564d3bba6247a9ad542d43c86eb7a05f31d33613f219a79aaeb5b0fe5cdf49fb95ca8d6541409f7ea5002ec0c

      Download Submit

    • memory/3632-24-0x00000000746C0000-0x0000000074C71000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4412-0-0x00000000746C2000-0x00000000746C3000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4412-1-0x00000000746C0000-0x0000000074C71000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4412-2-0x00000000746C0000-0x0000000074C71000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4412-3-0x00000000746C0000-0x0000000074C71000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4412-4-0x00000000746C2000-0x00000000746C3000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4412-5-0x00000000746C0000-0x0000000074C71000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4412-6-0x00000000746C0000-0x0000000074C71000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4412-7-0x00000000746C0000-0x0000000074C71000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4412-25-0x00000000746C0000-0x0000000074C71000-memory.dmp

      Filesize

      5.7MB

      Download