839ad830c82778445fe05f2a5a75283c3fa00c6c08d4e1a91260240c5b7c9685

Analysis

max time kernel
138s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2023, 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6b746ad96ae7aexeexeexeex.exe
Size

58KB
MD5

f6b746ad96ae7a5567e5e035c9a00a7e
SHA1

05f697b29a49f782dcf7dedd81f361206068ca64
SHA256

839ad830c82778445fe05f2a5a75283c3fa00c6c08d4e1a91260240c5b7c9685
SHA512

ae7b44cea357c03c414b8f0fc51795788eca42aa2bb8b3a768a27624387663bce22d04072c31c721666be35c93a4f0605c7e72b2ee59043cedf17ebf6481856a
SSDEEP

768:79inqyNR/QtOOtEvwDpjBK/iVTab3GRuv3VylcbgMv6zcN81:79mqyNhQMOtEvwDpjBPY7xv3g1MvkO81

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Control Panel\International\Geo\Nation	f6b746ad96ae7aexeexeexeex.exe

Executes dropped EXE 1 IoCs

pid	Process
4064	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 4064	1472	f6b746ad96ae7aexeexeexeex.exe	86
PID 1472 wrote to memory of 4064	1472	f6b746ad96ae7aexeexeexeex.exe	86
PID 1472 wrote to memory of 4064	1472	f6b746ad96ae7aexeexeexeex.exe	86

C:\Users\Admin\AppData\Local\Temp\f6b746ad96ae7aexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\f6b746ad96ae7aexeexeexeex.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:4064

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
59KB

MD5
e415363b208c6b0a575d5cd5a0774736

SHA1
1b3f8ca148c4c46817efc919e8a26bb74abd1612

SHA256
f10a3422319ee1fdbce4d20e38aecbfef4288ceafcd19c42f8f48c3c3dced102

SHA512
851e42b7cd8e1ccd706a0d1951c25d6ae22ab1c1a425b1589d5803a78dea7a6e65c3be01dfd553ce5dabb1edc906d3dd531f32f734268dda82342cab5d428c1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
59KB

MD5
e415363b208c6b0a575d5cd5a0774736

SHA1
1b3f8ca148c4c46817efc919e8a26bb74abd1612

SHA256
f10a3422319ee1fdbce4d20e38aecbfef4288ceafcd19c42f8f48c3c3dced102

SHA512
851e42b7cd8e1ccd706a0d1951c25d6ae22ab1c1a425b1589d5803a78dea7a6e65c3be01dfd553ce5dabb1edc906d3dd531f32f734268dda82342cab5d428c1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
59KB

MD5
e415363b208c6b0a575d5cd5a0774736

SHA1
1b3f8ca148c4c46817efc919e8a26bb74abd1612

SHA256
f10a3422319ee1fdbce4d20e38aecbfef4288ceafcd19c42f8f48c3c3dced102

SHA512
851e42b7cd8e1ccd706a0d1951c25d6ae22ab1c1a425b1589d5803a78dea7a6e65c3be01dfd553ce5dabb1edc906d3dd531f32f734268dda82342cab5d428c1e

Download Submit
memory/1472-133-0x00000000020C0000-0x00000000020C6000-memory.dmp

Filesize
24KB

Download
memory/1472-134-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/1472-135-0x00000000020E0000-0x00000000020E6000-memory.dmp

Filesize
24KB

Download
memory/1472-149-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/4064-151-0x00000000006C0000-0x00000000006C6000-memory.dmp

Filesize
24KB

Download
memory/4064-157-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download