8fa2980b118cefc2e28b0a514c6e44ce001661eb93fc2e98daa62e6294d895e4

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2023, 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6ad72730c0f13exeexeexeex.exe
Size

67KB
MD5

c6ad72730c0f1388ceef1532510d6cd4
SHA1

bdbe66eb3fc31013679b5e0d68c7ec837f34b867
SHA256

8fa2980b118cefc2e28b0a514c6e44ce001661eb93fc2e98daa62e6294d895e4
SHA512

7c4ecde07c0449eb8ab839db40168807d08f886c7f60755198963ca06bcb023222da78b9afb1f8cda7817c118b9fbe8fb9ebda09db911f83b7465dd570be2221
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjyaLccVp4xSO:V6a+pOtEvwDpjvk

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Control Panel\International\Geo\Nation	c6ad72730c0f13exeexeexeex.exe

Executes dropped EXE 1 IoCs

pid	Process
4624	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3276 wrote to memory of 4624	3276	c6ad72730c0f13exeexeexeex.exe	84
PID 3276 wrote to memory of 4624	3276	c6ad72730c0f13exeexeexeex.exe	84
PID 3276 wrote to memory of 4624	3276	c6ad72730c0f13exeexeexeex.exe	84

C:\Users\Admin\AppData\Local\Temp\c6ad72730c0f13exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\c6ad72730c0f13exeexeexeex.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3276
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:4624

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
67KB

MD5
57be1741e9807167678d3fbd7dce28d9

SHA1
30145933671ae169391b347af724f272771e2dde

SHA256
437cd8d9e8d4ad02a48a56dd523cf8bf07b9b4aa3fe78c9d312b81f139c47267

SHA512
33ef7a58137671379501290bc8ad304d146a0c0d7350afde6b388b0d5d8f842d1de32a37a5176b6b6768b8f5c385dfba9b47f507c9a323210aaae60044a5440a

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
67KB

MD5
57be1741e9807167678d3fbd7dce28d9

SHA1
30145933671ae169391b347af724f272771e2dde

SHA256
437cd8d9e8d4ad02a48a56dd523cf8bf07b9b4aa3fe78c9d312b81f139c47267

SHA512
33ef7a58137671379501290bc8ad304d146a0c0d7350afde6b388b0d5d8f842d1de32a37a5176b6b6768b8f5c385dfba9b47f507c9a323210aaae60044a5440a

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
67KB

MD5
57be1741e9807167678d3fbd7dce28d9

SHA1
30145933671ae169391b347af724f272771e2dde

SHA256
437cd8d9e8d4ad02a48a56dd523cf8bf07b9b4aa3fe78c9d312b81f139c47267

SHA512
33ef7a58137671379501290bc8ad304d146a0c0d7350afde6b388b0d5d8f842d1de32a37a5176b6b6768b8f5c385dfba9b47f507c9a323210aaae60044a5440a

Download Submit
memory/3276-133-0x00000000021B0000-0x00000000021B6000-memory.dmp

Filesize
24KB

Download
memory/3276-134-0x0000000002040000-0x0000000002046000-memory.dmp

Filesize
24KB

Download
memory/4624-149-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download