Analysis
-
max time kernel
139s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
09/07/2023, 07:56
General
-
Target
9f03bc7fd7768bexeexeexeex.exe
-
Size
64KB
-
MD5
9f03bc7fd7768b1a6c13185053022a39
-
SHA1
678384e6a927a0f1a0f117d5230546749aac2a58
-
SHA256
0de42576c59bd44b608f61a524bc1e9fbfa3eb41b1add26b1b810046f889b427
-
SHA512
90a4623edb7c2e79542d6c4a5e14dfdc3e0e433fbe7c4f963e6736d83646934b2aa3a5510b510f14db5de4705f2ac06e0d89beca7e4c4e8f64dd1694946ce06e
-
SSDEEP
1536:z6QFElP6n+gKmddpMOtEvwDpj9aYaFAh5gD:z6a+CdOOtEvwDpjQJ
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9f03bc7fd7768bexeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\9f03bc7fd7768bexeexeexeex.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5eb1bb69227f5279fe1c82140013a2d4f
SHA17262ddec4a7cc260d3aec678e548a25df2d23d5e
SHA256a47eb50725f2cda2765cb12115a704bd2f4a790fd5784995a5882b577a8ae838
SHA512b324996ac8a734ee2a1d87a5509977d2b41cf290d95561f3da48853ce79f1203131d0a9d1fcdd178063b5309ec9e6d76e96b9eb2f5e9866bc4cee2d8dc111872
-
Filesize
64KB
MD5eb1bb69227f5279fe1c82140013a2d4f
SHA17262ddec4a7cc260d3aec678e548a25df2d23d5e
SHA256a47eb50725f2cda2765cb12115a704bd2f4a790fd5784995a5882b577a8ae838
SHA512b324996ac8a734ee2a1d87a5509977d2b41cf290d95561f3da48853ce79f1203131d0a9d1fcdd178063b5309ec9e6d76e96b9eb2f5e9866bc4cee2d8dc111872
-
Filesize
64KB
MD5eb1bb69227f5279fe1c82140013a2d4f
SHA17262ddec4a7cc260d3aec678e548a25df2d23d5e
SHA256a47eb50725f2cda2765cb12115a704bd2f4a790fd5784995a5882b577a8ae838
SHA512b324996ac8a734ee2a1d87a5509977d2b41cf290d95561f3da48853ce79f1203131d0a9d1fcdd178063b5309ec9e6d76e96b9eb2f5e9866bc4cee2d8dc111872
-
Filesize
64KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
64KB
-
Filesize
24KB
-
Filesize
64KB