690f2b0a004abf7312b0990776ff921f3a8cf67ed52d3d1bac791bea1a121fae

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4d2e92c353700exe_JC.exe
Size

145KB
MD5

e4d2e92c3537005e6676c5eb82aa00b6
SHA1

3437a8e1d71154788c4b32ab1f0268ea478ba520
SHA256

690f2b0a004abf7312b0990776ff921f3a8cf67ed52d3d1bac791bea1a121fae
SHA512

dcc3558fbd200c58d2eb1cecf41aef8ec856de6011f0ff43a7f1972f865aff0c6c661d97b6bd688b3ca800c1f519f6488878f820108da3057d7a9d48660960b9
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbxGYQbxGYQbPlooND:V6a+pOtEvwDpjt22v

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Control Panel\International\Geo\Nation	e4d2e92c353700exe_JC.exe

Executes dropped EXE 1 IoCs

pid	Process
3352	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 3352	3660	e4d2e92c353700exe_JC.exe	84
PID 3660 wrote to memory of 3352	3660	e4d2e92c353700exe_JC.exe	84
PID 3660 wrote to memory of 3352	3660	e4d2e92c353700exe_JC.exe	84

C:\Users\Admin\AppData\Local\Temp\e4d2e92c353700exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\e4d2e92c353700exe_JC.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:3352

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
145KB

MD5
f0250f4b43969bb07febdfe9111f3b36

SHA1
2b9eb532628a45453b7671eab31f15b4a5103b4e

SHA256
9782e3f6523e0442b542e0c1ce86f925d167979129436be33d2d32c72b36c1a3

SHA512
cc0ca489877af0b2efd572686a29bee0ce6607da7f0a53fe4a285a78affb29f2ec9d0eb3fc7825b03b0cf313f79bf2455c8e56863775619324da92e04b469e2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
145KB

MD5
f0250f4b43969bb07febdfe9111f3b36

SHA1
2b9eb532628a45453b7671eab31f15b4a5103b4e

SHA256
9782e3f6523e0442b542e0c1ce86f925d167979129436be33d2d32c72b36c1a3

SHA512
cc0ca489877af0b2efd572686a29bee0ce6607da7f0a53fe4a285a78affb29f2ec9d0eb3fc7825b03b0cf313f79bf2455c8e56863775619324da92e04b469e2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
145KB

MD5
f0250f4b43969bb07febdfe9111f3b36

SHA1
2b9eb532628a45453b7671eab31f15b4a5103b4e

SHA256
9782e3f6523e0442b542e0c1ce86f925d167979129436be33d2d32c72b36c1a3

SHA512
cc0ca489877af0b2efd572686a29bee0ce6607da7f0a53fe4a285a78affb29f2ec9d0eb3fc7825b03b0cf313f79bf2455c8e56863775619324da92e04b469e2f

Download Submit
memory/3352-151-0x00000000005C0000-0x00000000005C6000-memory.dmp

Filesize
24KB

Download
memory/3352-150-0x0000000002080000-0x0000000002086000-memory.dmp

Filesize
24KB

Download
memory/3660-133-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/3660-134-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/3660-135-0x00000000004F0000-0x00000000004F6000-memory.dmp

Filesize
24KB

Download