041baf645e5febc917e051c2e87d3cc7ce97c4b6440d83cfac2ccd6e2bcc79a0

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2023 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcfc8ef721ac26exeexeexeex.exe
Size

43KB
MD5

fcfc8ef721ac26c367cf544eef4b5f0d
SHA1

becdeb46b9699b9b8f630546c424b3352107e34b
SHA256

041baf645e5febc917e051c2e87d3cc7ce97c4b6440d83cfac2ccd6e2bcc79a0
SHA512

89a776c0033bd6a83dcdae8b705e52dc8ea38b9a0244c7d13994fdffb66b1149b41d8cd716bfcd76cc693bee0b939488c13a4331b5e5b1e9f73f4ee32a092256
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaaEq1DsZ3:X6QFElP6n+gJQMOtEvwDpjB0yO

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Control Panel\International\Geo\Nation	fcfc8ef721ac26exeexeexeex.exe

Executes dropped EXE 1 IoCs

pid	Process
952	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 952	1144	fcfc8ef721ac26exeexeexeex.exe	84
PID 1144 wrote to memory of 952	1144	fcfc8ef721ac26exeexeexeex.exe	84
PID 1144 wrote to memory of 952	1144	fcfc8ef721ac26exeexeexeex.exe	84

C:\Users\Admin\AppData\Local\Temp\fcfc8ef721ac26exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\fcfc8ef721ac26exeexeexeex.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
43KB

MD5
399fbc7d5ca374a3a6e166c170cc94da

SHA1
a251a723a78cdfaf0ac7ca252f1a2e088d9d47c5

SHA256
706d337c8de7bac09d46f155fe7a76145b08781fb20f9d9d51275b8e495903bd

SHA512
3385b0fffc37d83087c49291759050da43982ba178d1a81b84579db726dd924e5a3b2b0dd707e0c62a51614b4c92be1f523b6183576207bc5e90f0b3afa2c123

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
43KB

MD5
399fbc7d5ca374a3a6e166c170cc94da

SHA1
a251a723a78cdfaf0ac7ca252f1a2e088d9d47c5

SHA256
706d337c8de7bac09d46f155fe7a76145b08781fb20f9d9d51275b8e495903bd

SHA512
3385b0fffc37d83087c49291759050da43982ba178d1a81b84579db726dd924e5a3b2b0dd707e0c62a51614b4c92be1f523b6183576207bc5e90f0b3afa2c123

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
43KB

MD5
399fbc7d5ca374a3a6e166c170cc94da

SHA1
a251a723a78cdfaf0ac7ca252f1a2e088d9d47c5

SHA256
706d337c8de7bac09d46f155fe7a76145b08781fb20f9d9d51275b8e495903bd

SHA512
3385b0fffc37d83087c49291759050da43982ba178d1a81b84579db726dd924e5a3b2b0dd707e0c62a51614b4c92be1f523b6183576207bc5e90f0b3afa2c123

Download Submit
memory/952-149-0x00000000020F0000-0x00000000020F6000-memory.dmp

Filesize
24KB

Download
memory/1144-133-0x00000000006B0000-0x00000000006B6000-memory.dmp

Filesize
24KB

Download
memory/1144-134-0x00000000021B0000-0x00000000021B6000-memory.dmp

Filesize
24KB

Download