Overview

overview

10

Static

static

10

4b5d342b8c...86.exe

windows7-x64

9

4b5d342b8c...86.exe

windows10-2004-x64

9

4bb452a3de...a3.exe

windows7-x64

10

4bb452a3de...a3.exe

windows10-2004-x64

7

4bbf1f33d0...4d.exe

windows7-x64

8

4bbf1f33d0...4d.exe

windows10-2004-x64

8

4bc17871c1...64.exe

windows7-x64

10

4bc17871c1...64.exe

windows10-2004-x64

10

4be84836f6...c8.exe

windows7-x64

10

4be84836f6...c8.exe

windows10-2004-x64

10

4c2f38b994...d5.exe

windows7-x64

10

4c2f38b994...d5.exe

windows10-2004-x64

10

4c948e4226...26.exe

windows7-x64

10

4c948e4226...26.exe

windows10-2004-x64

10

4ca1d61a24...2e.exe

windows7-x64

10

4ca1d61a24...2e.exe

windows10-2004-x64

10

4cc3e6fe69...22.exe

windows7-x64

10

4cc3e6fe69...22.exe

windows10-2004-x64

10

4cf9706999...8e.exe

windows7-x64

10

4cf9706999...8e.exe

windows10-2004-x64

10

4d8cd82fa6...d5.exe

windows7-x64

10

4d8cd82fa6...d5.exe

windows10-2004-x64

10

4d947659fe...19.exe

windows7-x64

10

4d947659fe...19.exe

windows10-2004-x64

10

4dac62ad00...ec.exe

windows7-x64

10

4dac62ad00...ec.exe

windows10-2004-x64

10

4dde57eed0...7b.exe

windows7-x64

10

4dde57eed0...7b.exe

windows10-2004-x64

10

4e1fdde317...d3.exe

windows7-x64

10

4e1fdde317...d3.exe

windows10-2004-x64

10

4e248cce2f...a7.exe

windows7-x64

10

4e248cce2f...a7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/03/2025, 06:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4bb452a3de5825053bceee8fd5ee6db144ef8c4615a71a8408ee7de4df789fa3.exe

  • Size

    579KB

  • MD5

    f26ad40d3a15fc5453456dc9047cabe6

  • SHA1

    0322588ead1761f11715a5723f15f391e9211617

  • SHA256

    4bb452a3de5825053bceee8fd5ee6db144ef8c4615a71a8408ee7de4df789fa3

  • SHA512

    438349889e6d27fd88e9c62d015b74e55dcd78d1d720c1b9b8e3e18c45a19bbe338ea9da58ca729221facaca22cdf54c808a127524aa73bb445145f7bba72333

  • SSDEEP

    12288:YbD5arFJwK6hMJ6ZzHFZfc28beMGTfZuqb7q:rBJwdhMJ6ZzHrfcsMGTfZ5Pq

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4bb452a3de5825053bceee8fd5ee6db144ef8c4615a71a8408ee7de4df789fa3.exe
    "C:\Users\Admin\AppData\Local\Temp\4bb452a3de5825053bceee8fd5ee6db144ef8c4615a71a8408ee7de4df789fa3.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1348
    • C:\Users\Admin\AppData\Roaming\Webdevelop\Webfrequency.exe
      "C:\Users\Admin\AppData\Roaming\Webdevelop\Webfrequency.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4076
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        3⤵
          PID:4288

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Webdevelop\Webfrequency.exe
      Filesize

      579KB

      MD5

      1dd0b3f102c6109ead2eb64d37d86f2f

      SHA1

      77ac0c672cd8b5472bd50b7091ec0920347d592d

      SHA256

      f5ec76337fe8f1583399829b93250d89bbcd8ccd5638181b0bff7a7272a2d748

      SHA512

      52d791c27525e17537cb58113b16d4e558a7c2c6cd54c9e9a600dbeb52ca643d965fb207b4cfaac57e08b8de086752ebd2ac90fb61736ddabc07dd82618b548f

      Download Submit

    • memory/1348-8-0x0000000074AF0000-0x00000000752A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1348-0-0x0000000074AFE000-0x0000000074AFF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1348-3-0x0000000005A20000-0x0000000005AB2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1348-4-0x0000000074AF0000-0x00000000752A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1348-5-0x00000000059D0000-0x00000000059DA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1348-6-0x00000000059C0000-0x00000000059CA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1348-2-0x0000000005F30000-0x00000000064D4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1348-1-0x0000000000F40000-0x0000000000FD4000-memory.dmp

      Filesize

      592KB

      Download

    • memory/1348-7-0x0000000074AFE000-0x0000000074AFF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1348-23-0x0000000074AF0000-0x00000000752A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4076-22-0x0000000074AF0000-0x00000000752A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4076-24-0x0000000074AF0000-0x00000000752A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4076-25-0x0000000074AF0000-0x00000000752A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4076-26-0x0000000074AF0000-0x00000000752A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4076-28-0x0000000074AF0000-0x00000000752A0000-memory.dmp

      Filesize

      7.7MB

      Download