8fc9be5a2e85138966d287aed33aaf518ddb1bd00d107025c090a76c06f3ad10

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2023, 18:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

db63635d9323bbexeexeexeex.exe
Size

40KB
MD5

db63635d9323bb4352af0b9fddbd993b
SHA1

5a5d3cc077fe38c53c30d265f17db690eafbb026
SHA256

8fc9be5a2e85138966d287aed33aaf518ddb1bd00d107025c090a76c06f3ad10
SHA512

e6d8946b75dbf1312e688d96365202154e6aa2600a97be685a930e48208d041a3d14db4dff0f6a49c9fa2b3102fa6da80ba962a543c0a70a1650b6e75410d55b
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaaUfmZlQyEgDrBBfH8:X6QFElP6n+gJQMOtEvwDpjBkfmbQyEgE

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\International\Geo\Nation	db63635d9323bbexeexeexeex.exe

Executes dropped EXE 1 IoCs

pid	Process
560	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 560	1952	db63635d9323bbexeexeexeex.exe	87
PID 1952 wrote to memory of 560	1952	db63635d9323bbexeexeexeex.exe	87
PID 1952 wrote to memory of 560	1952	db63635d9323bbexeexeexeex.exe	87

C:\Users\Admin\AppData\Local\Temp\db63635d9323bbexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\db63635d9323bbexeexeexeex.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:560

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
40KB

MD5
8703bd04660ba91b3b744daba23ef340

SHA1
b28fe2decfd7901651e46c535f12c1cb35953279

SHA256
b9422c2dfb960e55bdfd54e7ca62309c4823b24d140769b4dc0e07782a4d0f2b

SHA512
741f39fbbbb683c0964f6d9277b65dc7d17494d1d551e1edd6333fdadad030f73c8e791718cfa01970bc276ac4db020807579c3057a2a5a2955f8867bc05cd0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
40KB

MD5
8703bd04660ba91b3b744daba23ef340

SHA1
b28fe2decfd7901651e46c535f12c1cb35953279

SHA256
b9422c2dfb960e55bdfd54e7ca62309c4823b24d140769b4dc0e07782a4d0f2b

SHA512
741f39fbbbb683c0964f6d9277b65dc7d17494d1d551e1edd6333fdadad030f73c8e791718cfa01970bc276ac4db020807579c3057a2a5a2955f8867bc05cd0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
40KB

MD5
8703bd04660ba91b3b744daba23ef340

SHA1
b28fe2decfd7901651e46c535f12c1cb35953279

SHA256
b9422c2dfb960e55bdfd54e7ca62309c4823b24d140769b4dc0e07782a4d0f2b

SHA512
741f39fbbbb683c0964f6d9277b65dc7d17494d1d551e1edd6333fdadad030f73c8e791718cfa01970bc276ac4db020807579c3057a2a5a2955f8867bc05cd0f

Download Submit
memory/560-149-0x00000000020E0000-0x00000000020E6000-memory.dmp

Filesize
24KB

Download
memory/1952-133-0x00000000004C0000-0x00000000004C6000-memory.dmp

Filesize
24KB

Download
memory/1952-134-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download