Overview

overview

10

Static

static

10

f5ae5532f1...b5.exe

windows10-2004-x64

10

f5cb51ffdb...c0.exe

windows10-2004-x64

10

f5ed127464...bc.exe

windows10-2004-x64

10

f62837f3bc...7a.exe

windows10-2004-x64

10

f628fa20e8...3b.exe

windows10-2004-x64

10

f640f01e80...c5.exe

windows10-2004-x64

f66fa3036e...07.exe

windows10-2004-x64

7

f68f044685...50.exe

windows10-2004-x64

3

f6ac1ea5c1...25.exe

windows10-2004-x64

8

f6b7978847...1a.exe

windows10-2004-x64

7

f6e2978004...35.exe

windows10-2004-x64

10

f721adec82...71.exe

windows10-2004-x64

10

f736c152b3...c8.exe

windows10-2004-x64

10

f780377dd9...c9.exe

windows10-2004-x64

7

f7a96bf083...c8.exe

windows10-2004-x64

1

f812ad48d0...9b.exe

windows10-2004-x64

7

f8173be0fb...a4.exe

windows10-2004-x64

1

f835ddaf49...d7.exe

windows10-2004-x64

10

f846950431...1c.exe

windows10-2004-x64

10

f89219b77e...00.exe

windows10-2004-x64

10

f8a3f1d5a1...b0.exe

windows10-2004-x64

10

f908d30321...39.exe

windows10-2004-x64

10

f926cc363c...a8.exe

windows10-2004-x64

10

f947bf8f07...dd.exe

windows10-2004-x64

10

f97418dbfc...06.exe

windows10-2004-x64

7

f98ee08aed...cc.exe

windows10-2004-x64

10

f990d850e1...f8.exe

windows10-2004-x64

8

f99ae4a378...93.exe

windows10-2004-x64

10

f9a573b21a...18.exe

windows10-2004-x64

10

fa0d8e0c80...8e.exe

windows10-2004-x64

10

fa8e531e08...84.exe

windows10-2004-x64

10

fa942bbb98...d7.exe

windows10-2004-x64

10

Resubmissions

14/04/2025, 07:51

250414-jp1kfssjz9 10

14/04/2025, 07:46

250414-jl9nyssjt9 10

08/04/2025, 15:58

250408-tevasswl18 10

08/04/2025, 14:19

250408-rm2nqsvqw2 10

Analysis

  • max time kernel
    102s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/04/2025, 14:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f780377dd90d33c8280734d882fc2ac9.exe

  • Size

    12KB

  • MD5

    f780377dd90d33c8280734d882fc2ac9

  • SHA1

    2ca8e1e97f1d9893389ea6f7505fe7c24924b387

  • SHA256

    d44c91defb81890cb0045d3a612485a4db65c1f4e52ce405efa453b8a07229e7

  • SHA512

    ffa397cbe485bef45d52cbe19527bd7e16d5fe3847e80844dbb45fe96effefb8f0c3cfdcfa9d164786a063d6bc74a38c99ec2bab132b3841caaefb72b26be643

  • SSDEEP

    384:SL7li/2zcq2DcEQvdfcJKLTp/NK9xa4f:MYMZQ9c4f

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f780377dd90d33c8280734d882fc2ac9.exe
    "C:\Users\Admin\AppData\Local\Temp\f780377dd90d33c8280734d882fc2ac9.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:676
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gk2jxh1s\gk2jxh1s.cmdline"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4724
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9AB9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcBCD7502B2D89487983AEEB982BB61A7C.TMP"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:392
    • C:\Users\Admin\AppData\Local\Temp\tmp9972.tmp.exe
      "C:\Users\Admin\AppData\Local\Temp\tmp9972.tmp.exe" C:\Users\Admin\AppData\Local\Temp\f780377dd90d33c8280734d882fc2ac9.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:60

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RE.resources
    Filesize

    2KB

    MD5

    b32c145bc23aa8d031f0ff368b74140a

    SHA1

    940f3f7b9e589f2072690775c3d5c8c4bb5997a1

    SHA256

    ada27b4197139aad46139190b2569f347cd2da600d1a7ed035237dd90f82271c

    SHA512

    30183f9e747e70efd21ff2272c04a33f654b6ae1d123703be8d726278ddeba6dad992972f129e9c3184bcb201e7f4c4604c578d6b42163d84bdb8302b60112e9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RES9AB9.tmp
    Filesize

    1KB

    MD5

    7e7dda615f02ed488df4b1a882a1625e

    SHA1

    290b2eb93fc22051c036a891eeca8766ead2ac9a

    SHA256

    0553ab1b851bb6e0ebbdaa2c02fa270b78add1341d66f850c7e773182fd146ad

    SHA512

    0fcae810e15767159590ea3385703782c263a517d37648bc0a37e0653a87173c5e2f4f4886f80d7e6cf1730f44757fd206415d5b7bbfab81a3bf08d5f2b52a5a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\gk2jxh1s\gk2jxh1s.0.vb
    Filesize

    2KB

    MD5

    e1fd69bcf7cbe295e40fbfaf09df0767

    SHA1

    21f658d90c5591f7f266a70689d0e7aca79cca19

    SHA256

    b0e695a6dfbae993a99e93a8bea8f90af0bf22e853d9ef08391526c0f7cd24f5

    SHA512

    919e27f3fdced7805e2848721ddd219e7ba69ece6b7de486d1972892bc20b8f560af4018a78addf72628e0c06c1d181f37c257101afae9c832add89b1799469b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\gk2jxh1s\gk2jxh1s.cmdline
    Filesize

    273B

    MD5

    d86c28d5692e312390e980194ffe21b7

    SHA1

    917bf56cfda071af651c2c1264ab1f26da8e03c5

    SHA256

    ac344b1aa38dc33d2da57e3977ddedcd2c9e326b3a9261d3d9d152e167eacede

    SHA512

    697c9b8b489b160052457081696dbf7c51398a1e48149a81c2696bda18d24c56b28ba3aa30a39937ea55c698cf461b149c7d440cfd3bd3ec021b709c0787ab10

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp9972.tmp.exe
    Filesize

    12KB

    MD5

    04f6651b057ed3bc12e352e8c203858e

    SHA1

    735dcc502f960d3e69d8da123af2d22eb09367bb

    SHA256

    c7e31c7ec73f6462e826dd877a2e6c5aa4deb1f8ecf31dfa58299745407a740e

    SHA512

    95cf755eefa242e3ddc5c2fadbc29de2e3cc304e983866f7d3ce12e1b8a2f291f3e48a15ca7ca401f664473704ffc94727f93197cfcb74baf709553c8bb89fae

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\vbcBCD7502B2D89487983AEEB982BB61A7C.TMP
    Filesize

    1KB

    MD5

    7a9179ed8222118368c7c6f5749296d8

    SHA1

    96e6a07ad455166b7e2102b93e6d0ce9289f587c

    SHA256

    8363aa8d79ed7917cb6e39f6a8edfd08d2903abdbb5402d4f9dfc0f549ec2834

    SHA512

    02bebc35458197544a8daafde93e4d748444eec0d77785a443787eead9db41973347a52e1968a81850279a68303d070e7d9564ed3731904f26fa5f35dc8767af

    Download Submit

  • memory/60-24-0x0000000000770000-0x000000000077A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/60-25-0x0000000074E30000-0x00000000755E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/60-26-0x0000000005660000-0x0000000005C04000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/60-27-0x0000000005150000-0x00000000051E2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/60-29-0x0000000074E30000-0x00000000755E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/676-0-0x0000000074E3E000-0x0000000074E3F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/676-8-0x0000000074E30000-0x00000000755E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/676-2-0x0000000005330000-0x00000000053CC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/676-1-0x00000000009A0000-0x00000000009AA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/676-30-0x0000000074E30000-0x00000000755E0000-memory.dmp

    Filesize

    7.7MB

    Download