9829373b1e5d675cb4fe713b860e352894e3ec4c5a81713b4d72d0688a961309

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9829373b1e5d675cb4fe713b860e352894e3ec4c5a81713b4d72d0688a961309.exe
Size

47KB
MD5

082ca8d8a3e8f45ae2bdfd6e3815cc75
SHA1

09c494cb5a27ec029b73a83fc0101593b17bbc80
SHA256

9829373b1e5d675cb4fe713b860e352894e3ec4c5a81713b4d72d0688a961309
SHA512

b1c295a15422b44e3b964cc78b3e29288bc19d13eb9a0e3f1f0e9d3135f2960545943695dd366e607ec663541b2c2c613a67a1d4a6b41313a895da3ee7917db4
SSDEEP

768:jUzda88NNHXNOGhp+rA54xQdrTxxjNQZY5a57vXgNawWlbI:jok73NvhKE4y8ZYGTQNaw7

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Control Panel\International\Geo\Nation	9829373b1e5d675cb4fe713b860e352894e3ec4c5a81713b4d72d0688a961309.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1168	9829373b1e5d675cb4fe713b860e352894e3ec4c5a81713b4d72d0688a961309.exe

C:\Users\Admin\AppData\Local\Temp\9829373b1e5d675cb4fe713b860e352894e3ec4c5a81713b4d72d0688a961309.exe
"C:\Users\Admin\AppData\Local\Temp\9829373b1e5d675cb4fe713b860e352894e3ec4c5a81713b4d72d0688a961309.exe"
1⤵
- Checks computer location settings
- Suspicious use of UnmapMainImage
PID:1168

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1168-54-0x00000000760E1000-0x00000000760E3000-memory.dmp

Filesize
8KB

Download
memory/1168-55-0x0000000000220000-0x000000000022F000-memory.dmp

Filesize
60KB

Download
memory/1168-56-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download