cdf4af47dda8c498732b12c68148c298bc79ac77d9e71fef25a0f1006d8a263c

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
28-06-2023 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OfficeSetup (1).exe
Size

8.0MB
MD5

43289d561b2dc82497d37e1049d1c67e
SHA1

84207125445dfdbafa858807963d8ed5f16f1fbc
SHA256

cdf4af47dda8c498732b12c68148c298bc79ac77d9e71fef25a0f1006d8a263c
SHA512

9660675f73c0ecd95747a2f49b19be3755d71a6efacc74b796cf668f43691ca10bb906d7438da3f8ba9a45d3be2ae232c7a0e35604bbc82e9b109a4162553e3e
SSDEEP

196608:pk7XWblvPW2xex2UpqvHlleKY2/JyH8DAXPdHey:FlvJ4xTcvFlLJoXPdHey

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Control Panel\International\Geo\Nation	OfficeSetup (1).exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
940	1536	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 940	1536	OfficeSetup (1).exe	28
PID 1536 wrote to memory of 940	1536	OfficeSetup (1).exe	28
PID 1536 wrote to memory of 940	1536	OfficeSetup (1).exe	28
PID 1536 wrote to memory of 940	1536	OfficeSetup (1).exe	28

C:\Users\Admin\AppData\Local\Temp\OfficeSetup (1).exe
"C:\Users\Admin\AppData\Local\Temp\OfficeSetup (1).exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 552
  2⤵
  - Program crash
  PID:940

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads