dfd7b2defc617f7b1aca1a48b3210a888f59c7ad3c184e2433cdb6b1feb4c9cc

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2023, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b808cdab31633exeexeexeex.exe
Size

44KB
MD5

5b808cdab31633345fb0701890392d3c
SHA1

95a05e20f5ba94840c76c8ceec6dd9bb0dbb379c
SHA256

dfd7b2defc617f7b1aca1a48b3210a888f59c7ad3c184e2433cdb6b1feb4c9cc
SHA512

731a467205f35ac702aad33903b621fcea2c5bd4f60eeb8224e08f8d6e53b9e35197ea3a37704721894c5253c8999c80eb41d1c72d92bff352287ffb5619a7ec
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVajSKm5uzOHxulionQe:X6QFElP6n+gJQMOtEvwDpjBcSKm5upvN

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	5b808cdab31633exeexeexeex.exe

Executes dropped EXE 1 IoCs

pid	Process
1348	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3648 wrote to memory of 1348	3648	5b808cdab31633exeexeexeex.exe	87
PID 3648 wrote to memory of 1348	3648	5b808cdab31633exeexeexeex.exe	87
PID 3648 wrote to memory of 1348	3648	5b808cdab31633exeexeexeex.exe	87

C:\Users\Admin\AppData\Local\Temp\5b808cdab31633exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\5b808cdab31633exeexeexeex.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1348

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
44KB

MD5
f1f6a0e955e943df3a6c05ddb08e9f51

SHA1
d8d5040d6cabb418f38a697625b86a2b23cd400e

SHA256
cb2e9f533d32191e587242c6b35b264888dc4c4eee3d3932e696e8bdb8d0981a

SHA512
0f3d95dc2c69653d7b31bf8d93e516889e396e84710050162c4f0b601cf8222cef2374e7280cefc7ad36c88cb2fe85012f0acacc8d007237734acd8f18c46d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
44KB

MD5
f1f6a0e955e943df3a6c05ddb08e9f51

SHA1
d8d5040d6cabb418f38a697625b86a2b23cd400e

SHA256
cb2e9f533d32191e587242c6b35b264888dc4c4eee3d3932e696e8bdb8d0981a

SHA512
0f3d95dc2c69653d7b31bf8d93e516889e396e84710050162c4f0b601cf8222cef2374e7280cefc7ad36c88cb2fe85012f0acacc8d007237734acd8f18c46d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
44KB

MD5
f1f6a0e955e943df3a6c05ddb08e9f51

SHA1
d8d5040d6cabb418f38a697625b86a2b23cd400e

SHA256
cb2e9f533d32191e587242c6b35b264888dc4c4eee3d3932e696e8bdb8d0981a

SHA512
0f3d95dc2c69653d7b31bf8d93e516889e396e84710050162c4f0b601cf8222cef2374e7280cefc7ad36c88cb2fe85012f0acacc8d007237734acd8f18c46d0a

Download Submit
memory/1348-149-0x00000000005C0000-0x00000000005C6000-memory.dmp

Filesize
24KB

Download
memory/3648-133-0x0000000000650000-0x0000000000656000-memory.dmp

Filesize
24KB

Download
memory/3648-134-0x0000000000670000-0x0000000000676000-memory.dmp

Filesize
24KB

Download