35da7da12fa57100d5f1ffaebbf086e061d261c4e21f46a2f0504e92c8f4c321

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2023, 16:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2e1fed3b20b665exeexe_JC.exe
Size

51KB
MD5

2e1fed3b20b665c5bc0a170b90e4f9b4
SHA1

e0536eab1a4da764fd16d9b59874756cc6a5510c
SHA256

35da7da12fa57100d5f1ffaebbf086e061d261c4e21f46a2f0504e92c8f4c321
SHA512

4a711fc990246e7ee25d0db5ff31bd6c0fed3fdf9a0dad19cd8d7ac38d010e5030328a269ac9dfbb19720fdf159120d7bdc1f1aad2644682806d222d73e541dd
SSDEEP

1536:qmbhXDmjr5MOtEvwDpj5cDtKkQZQRKb61m:BbdDmjr+OtEvwDpjMs

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Control Panel\International\Geo\Nation	2e1fed3b20b665exeexe_JC.exe

Executes dropped EXE 1 IoCs

pid	Process
4816	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 4816	3752	2e1fed3b20b665exeexe_JC.exe	86
PID 3752 wrote to memory of 4816	3752	2e1fed3b20b665exeexe_JC.exe	86
PID 3752 wrote to memory of 4816	3752	2e1fed3b20b665exeexe_JC.exe	86

C:\Users\Admin\AppData\Local\Temp\2e1fed3b20b665exeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2e1fed3b20b665exeexe_JC.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:4816

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
51KB

MD5
cf4657dfec0538fcd7832f954016c385

SHA1
dad6466b4b97061b5535f844b81f6d90c6239720

SHA256
1da2f43d9284fa3d7bbd5b2d6ebab92c16c4ebf56dd2de2b1760b3ffc2908392

SHA512
2b0bef9c18cf24bd81a01e8d71a7473e3d128a858680258040fd6b2808b3e07319520367a5f2c1fe26eb1f7c85cce8256c3156cfd032b315342cf536a9e45b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
51KB

MD5
cf4657dfec0538fcd7832f954016c385

SHA1
dad6466b4b97061b5535f844b81f6d90c6239720

SHA256
1da2f43d9284fa3d7bbd5b2d6ebab92c16c4ebf56dd2de2b1760b3ffc2908392

SHA512
2b0bef9c18cf24bd81a01e8d71a7473e3d128a858680258040fd6b2808b3e07319520367a5f2c1fe26eb1f7c85cce8256c3156cfd032b315342cf536a9e45b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
51KB

MD5
cf4657dfec0538fcd7832f954016c385

SHA1
dad6466b4b97061b5535f844b81f6d90c6239720

SHA256
1da2f43d9284fa3d7bbd5b2d6ebab92c16c4ebf56dd2de2b1760b3ffc2908392

SHA512
2b0bef9c18cf24bd81a01e8d71a7473e3d128a858680258040fd6b2808b3e07319520367a5f2c1fe26eb1f7c85cce8256c3156cfd032b315342cf536a9e45b27

Download Submit
memory/3752-133-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3752-134-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/3752-136-0x0000000000850000-0x0000000000856000-memory.dmp

Filesize
24KB

Download
memory/3752-135-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/3752-150-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/4816-153-0x00000000020F0000-0x00000000020F6000-memory.dmp

Filesize
24KB

Download
memory/4816-152-0x0000000000570000-0x0000000000576000-memory.dmp

Filesize
24KB

Download
memory/4816-159-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download