2ba106e57bacbce734de86ac9deab2a763087ca38291b5298130736b1474236f

Analysis

max time kernel
91s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2023 18:06

Target

Scarab.exe
Size

88.8MB
MD5

a093c0d9c2392def8a9f8524f337b68f
SHA1

69698aa863f12fae02d19fc033a52e4f904e900d
SHA256

2ba106e57bacbce734de86ac9deab2a763087ca38291b5298130736b1474236f
SHA512

7e3ae3120ae28ae3ce8691904d45017d561cd53459816fa94e6d4f0b9533b9d90d2c556e42cd2daf9faa43c46284e8193c9604855a73daa9c8441b70875483cd
SSDEEP

786432:X2OYL67WBlefpvpqjTFK7TkLy/kkPZSaXnRPGyY6+:XiL6qiRvsjTFK7TyjoPG3

Score

7^/10

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

Scarab.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation Scarab.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	Scarab.exe

C:\Users\Admin\AppData\Local\Temp\Scarab.exe
"C:\Users\Admin\AppData\Local\Temp\Scarab.exe"
1⤵
- Checks computer location settings
PID:3988

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

memory/3988-132-0x0000000180000000-0x0000000180A23000-memory.dmp

Filesize
10.1MB

Download
memory/3988-135-0x000002876CA30000-0x000002876CA3D000-memory.dmp

Filesize
52KB

Download
memory/3988-138-0x000002876EA70000-0x000002876EA86000-memory.dmp

Filesize
88KB

Download
memory/3988-141-0x000002876EBA0000-0x000002876EBB2000-memory.dmp

Filesize
72KB

Download
memory/3988-144-0x000002876EC10000-0x000002876EC50000-memory.dmp

Filesize
256KB

Download
memory/3988-147-0x000002876EBC0000-0x000002876EBCE000-memory.dmp

Filesize
56KB

Download
memory/3988-150-0x000002876EC50000-0x000002876EC71000-memory.dmp

Filesize
132KB

Download
memory/3988-153-0x000002876EC00000-0x000002876EC08000-memory.dmp

Filesize
32KB

Download
memory/3988-156-0x000002876F0B0000-0x000002876F0EC000-memory.dmp

Filesize
240KB

Download