13b68a53ef577980cff526d791d1b42650920d507dc840a7936e5569a3c09a81

Analysis

max time kernel
173s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13b68a53ef577980cff526d791d1b42650920d507dc840a7936e5569a3c09a81.exe
Size

39KB
MD5

81e24bba02aabd1ed07f1951ce686bc6
SHA1

103ba08149d68e45715a7bf9de5c85fbb5961bfd
SHA256

13b68a53ef577980cff526d791d1b42650920d507dc840a7936e5569a3c09a81
SHA512

8ef230d6124195c8fe0be12e1eab3c9f33862fc9f2198353ca7c88bbff65d6e7d6b68f44ca2c1dd391b0f7f43bcf764198fbd8d5f71aef7e88298961d38ccb67
SSDEEP

768:U2X1fE6RmeWx6KhYnYo12VIeh9eybodFl:U2p6zG12L9eyboXl

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	13b68a53ef577980cff526d791d1b42650920d507dc840a7936e5569a3c09a81.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\13b68a53ef577980cff526d791d1b42650920d507dc840a7936e5569a3c09a81.exe
"C:\Users\Admin\AppData\Local\Temp\13b68a53ef577980cff526d791d1b42650920d507dc840a7936e5569a3c09a81.exe"
1⤵
- Checks computer location settings
PID:2900

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2900-132-0x00000000005B0000-0x00000000005BE000-memory.dmp

Filesize
56KB

Download
memory/2900-133-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2900-134-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download