Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
09/07/2023, 17:02
General
-
Target
ba21a3de7335f5exeexeexeex.exe
-
Size
120KB
-
MD5
ba21a3de7335f5905bd1a58c1e6c3e4a
-
SHA1
61e36da07cebae8560d01bc9ea1a84f78c3601cb
-
SHA256
8b056bf915447c3e61f54d2dd25e5b1062990c214bbc454b168575eab61f1342
-
SHA512
5f0c0e1645e431ba0586e0cba105da310d9c9a7e8f9b22d399a878b8a844100c65c8bbdcc8b910040fd4536c920d261f0dc7cc120b92690fd4929ed3af856e09
-
SSDEEP
1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwNgp699GNtL1eUq:AnBdOOtEvwDpj6zl
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ba21a3de7335f5exeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\ba21a3de7335f5exeexeexeex.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
120KB
MD5e84f141e4561045678bd02e62f4665a2
SHA13c4c810a70fbd0ec2439644204bbeeb0c6512c2a
SHA2567b3bddab80b35e896699362e5e5d89db0cc0f2b083b17123f7ccdd015e8fe217
SHA5124756a458f1634c5fa2caff208d4dae76f29c1506f7ecff5e11ec68bbd50f299663f1b15dc76344843b1b9c82b8370aa6835469b32f20fe94593dbde63c04abe5
-
Filesize
120KB
MD5e84f141e4561045678bd02e62f4665a2
SHA13c4c810a70fbd0ec2439644204bbeeb0c6512c2a
SHA2567b3bddab80b35e896699362e5e5d89db0cc0f2b083b17123f7ccdd015e8fe217
SHA5124756a458f1634c5fa2caff208d4dae76f29c1506f7ecff5e11ec68bbd50f299663f1b15dc76344843b1b9c82b8370aa6835469b32f20fe94593dbde63c04abe5
-
Filesize
120KB
MD5e84f141e4561045678bd02e62f4665a2
SHA13c4c810a70fbd0ec2439644204bbeeb0c6512c2a
SHA2567b3bddab80b35e896699362e5e5d89db0cc0f2b083b17123f7ccdd015e8fe217
SHA5124756a458f1634c5fa2caff208d4dae76f29c1506f7ecff5e11ec68bbd50f299663f1b15dc76344843b1b9c82b8370aa6835469b32f20fe94593dbde63c04abe5
-
Filesize
24KB
-
Filesize
60KB
-
Filesize
60KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
60KB