20d11dd9e3c833d0a19e201eb83eb8dbca41b9d962db4e5769844de934041ad3

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2023 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc87f491b88cb8exeexeexeex.exe
Size

90KB
MD5

dc87f491b88cb8ae744a0385c700ca6c
SHA1

0804cc9c784b22772f13ae5367153d9bdc5d9301
SHA256

20d11dd9e3c833d0a19e201eb83eb8dbca41b9d962db4e5769844de934041ad3
SHA512

fe0a56bf2cb86e50470011d773c4c4a25f3ad8ee467802a9eaf92fa8f037fe3d1d4af789714b18fd6c51980f7efd2215243333997475512a471e0da3c1aacafb
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbNcqamvWHShlkoIg:V6a+pOtEvwDpjt9

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Control Panel\International\Geo\Nation	dc87f491b88cb8exeexeexeex.exe

Executes dropped EXE 1 IoCs

pid	Process
3560	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4312 wrote to memory of 3560	4312	dc87f491b88cb8exeexeexeex.exe	87
PID 4312 wrote to memory of 3560	4312	dc87f491b88cb8exeexeexeex.exe	87
PID 4312 wrote to memory of 3560	4312	dc87f491b88cb8exeexeexeex.exe	87

C:\Users\Admin\AppData\Local\Temp\dc87f491b88cb8exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\dc87f491b88cb8exeexeexeex.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4312
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:3560

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
6671eadf2cc5c054eb8f59696b459d1d

SHA1
01cce550ceecb490a1ba08819ba949298542ca70

SHA256
db9fe46371560193970fbb8e4a317a11f5e91bfa9225c36a8881aa7dc0b746e9

SHA512
a743d401a757501b2cf438bc94f056f0d2ae30e6b8d1d485ef6fb18b4b99f65c5cd461ea8fd9a19d49aadcd14f379a961a5cb4aad6be03f9cd41c8add2e2d2d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
6671eadf2cc5c054eb8f59696b459d1d

SHA1
01cce550ceecb490a1ba08819ba949298542ca70

SHA256
db9fe46371560193970fbb8e4a317a11f5e91bfa9225c36a8881aa7dc0b746e9

SHA512
a743d401a757501b2cf438bc94f056f0d2ae30e6b8d1d485ef6fb18b4b99f65c5cd461ea8fd9a19d49aadcd14f379a961a5cb4aad6be03f9cd41c8add2e2d2d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
6671eadf2cc5c054eb8f59696b459d1d

SHA1
01cce550ceecb490a1ba08819ba949298542ca70

SHA256
db9fe46371560193970fbb8e4a317a11f5e91bfa9225c36a8881aa7dc0b746e9

SHA512
a743d401a757501b2cf438bc94f056f0d2ae30e6b8d1d485ef6fb18b4b99f65c5cd461ea8fd9a19d49aadcd14f379a961a5cb4aad6be03f9cd41c8add2e2d2d1

Download Submit
memory/3560-149-0x0000000000530000-0x0000000000536000-memory.dmp

Filesize
24KB

Download
memory/4312-133-0x00000000004C0000-0x00000000004C6000-memory.dmp

Filesize
24KB

Download
memory/4312-134-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download