Analysis

  • max time kernel
    104s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/04/2025, 23:26

General

  • Target

    quarantine/VcYJXcL.exe

  • Size

    13.5MB

  • MD5

    a42a7864ee588e5627a17cc5b36a8cae

  • SHA1

    3713244300e87a512ad10382571c98a08fd13155

  • SHA256

    3d4915f94462dda1b3af5ca1ee39740e14644807fb743403e55c7b9a92101b7f

  • SHA512

    2b86e5a3d0dcea2aa30731edbc1bf30251b1f5c0ebb24fcee772f8c9f4b0c1d5e11b8ebc633b4c4fd15f301dba0caf67114502e142efb5af3789114dd1a4490e

  • SSDEEP

    393216:7lzh+J9e0FamFZOt7NUIaaHXDUJFbSflHjB0DjY31Z1CPwDv3uFh:7lz2s0FfZ2DUJFbSflHjB0Djm

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\quarantine\VcYJXcL.exe
    "C:\Users\Admin\AppData\Local\Temp\quarantine\VcYJXcL.exe"
    PID:3588
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    • C:\Windows\System32\cmd.exe (child process)
      "C:\Windows\System32\cmd.exe" cmd.exe /c (for /L %i in (0,1,15) do (del "C:\Users\Admin\AppData\Local\Temp\QUARAN~1\VcYJXcL.exe" & if not exist "C:\Users\Admin\AppData\Local\Temp\QUARAN~1\VcYJXcL.exe" (rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\QUARAN~1\VcYJXcL.exe" & exit)))
      PID:2472

Network

MITRE ATT&CK Enterprise v16
