dc807a2bc0a23aadeeb0f859bfb6d7638d5c169a6f4a89ace10e045df1539ec6

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2023, 07:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eb4061cd99548cexeexeexeex.exe
Size

78KB
MD5

eb4061cd99548cf5b1d5b20ce5643cb1
SHA1

437fd1654bfc1fe9eff9d4c9582495f894273ed7
SHA256

dc807a2bc0a23aadeeb0f859bfb6d7638d5c169a6f4a89ace10e045df1539ec6
SHA512

fee9b5c58810d54ad7bb7f11dd3d7e5c619003e710caa1ca08e202b5e9ee66753f447302fc5ec83a9bd21809210820432b112b0f28e613d87486ba7dc7ecc89e
SSDEEP

768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLa5VccPtNw5CS95yJVHdPvb:V6QFElP6n+gMQMOtEvwDpjyaLccVNlvJ

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	eb4061cd99548cexeexeexeex.exe

Executes dropped EXE 1 IoCs

pid	Process
4868	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 4868	1452	eb4061cd99548cexeexeexeex.exe	85
PID 1452 wrote to memory of 4868	1452	eb4061cd99548cexeexeexeex.exe	85
PID 1452 wrote to memory of 4868	1452	eb4061cd99548cexeexeexeex.exe	85

C:\Users\Admin\AppData\Local\Temp\eb4061cd99548cexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\eb4061cd99548cexeexeexeex.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:4868

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
78KB

MD5
2e42006807d91eca250a20f93370a7d1

SHA1
fe50e5ea72bc757ec174ecfaaa1e23a9e72e9d54

SHA256
477d718392f824cad382e0df27b2f499337679b49c93d35fa78cd6f851bcc8fd

SHA512
000a5391b29339485b62bc2498285144bdd202eba18581e23df53676add81761bb25397adacde3d1779ca5d2487cda3d3fc0817de96d1642d9300f11833aa52c

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
78KB

MD5
2e42006807d91eca250a20f93370a7d1

SHA1
fe50e5ea72bc757ec174ecfaaa1e23a9e72e9d54

SHA256
477d718392f824cad382e0df27b2f499337679b49c93d35fa78cd6f851bcc8fd

SHA512
000a5391b29339485b62bc2498285144bdd202eba18581e23df53676add81761bb25397adacde3d1779ca5d2487cda3d3fc0817de96d1642d9300f11833aa52c

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
78KB

MD5
2e42006807d91eca250a20f93370a7d1

SHA1
fe50e5ea72bc757ec174ecfaaa1e23a9e72e9d54

SHA256
477d718392f824cad382e0df27b2f499337679b49c93d35fa78cd6f851bcc8fd

SHA512
000a5391b29339485b62bc2498285144bdd202eba18581e23df53676add81761bb25397adacde3d1779ca5d2487cda3d3fc0817de96d1642d9300f11833aa52c

Download Submit
memory/1452-133-0x00000000004C0000-0x00000000004C6000-memory.dmp

Filesize
24KB

Download
memory/1452-134-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download
memory/4868-149-0x0000000002070000-0x0000000002076000-memory.dmp

Filesize
24KB

Download