Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-07-2023 22:07

General

  • Target

    NA_067870e427a45fexe_JC.exe

  • Size

    40KB

  • MD5

    067870e427a45f93f5342882008042ff

  • SHA1

    2d25a1fe658e62e19934bd06d8abcfa0663087fd

  • SHA256

    339627d9a9a13fac6c15ce787aec15064e3146c156d14481d0893ac20eff012d

  • SHA512

    9b6457b00630391e93752584a0c5c424e12edbc61d56c9d083725da91ba56821046fea1f007828b46fa803f9b858d8b0dab0b11004359915d06fda0bba45480c

  • SSDEEP

    768:qUmnjFom/kLyMro2GtOOtEvwDpjeMLam5aFr7YOzzOQjCMQ:qUmnpomddpMOtEvwDpjjaYaFAetQ

Score
7/10 (tag: upx)

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely a geofence.

  • Executes dropped EXE (1 IoC)
  • UPX packed file (6 IoCs)

    Detects executables packed with UPX or a modified UPX (open-source packer).

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)
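
The "UPX packed file" signature above fires on the traces stock UPX leaves in the PE header. The following is an added example (not code from this report or from the UPX project) that parses the section table of a PE image and reports those traces: section names beginning with UPX, the "UPX!" header tag, and a first section with no raw data but a large virtual size. The two PE images it builds are constructed minimal headers for illustration, not the analysed sample.

```python
"""Check a PE image for the traces stock UPX leaves in the section table.

Added example; not code from the sandbox report or from the UPX project.
The PE images built below are constructed minimal headers for illustration,
not the analysed sample.
"""
import struct

UPX_MARKER = b"UPX!"          # tag UPX writes into its own header block


def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] parsed from the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + i * 40)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Combine the three cheap UPX tells into one verdict."""
    sections = pe_sections(data)
    upx_named = [s[0] for s in sections if s[0].upper().startswith("UPX")]
    # Stock UPX: the first section (UPX0) has no raw data but a large virtual
    # size, because the decompressed image is written into it at run time.
    empty_first = bool(sections) and sections[0][2] == 0 and sections[0][1] > 0
    marker = UPX_MARKER in data
    return {
        "upx_sections": upx_named,
        "marker": marker,
        "empty_first_section": empty_first,
        # Renamed sections (modified UPX) defeat the first two tells; the
        # empty first section alone is only a weak hint and does not decide.
        "packed": bool(upx_named) or marker,
    }


# ---- constructed sample images (illustration only) ---------------------

def _section(name, vsize, vaddr, rsize, raw_ptr):
    return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, raw_ptr,
                       0, 0, 0, 0, 0x60000020)


def build_sample(packed: bool) -> bytes:
    """Minimal PE32 header with either UPX-style or ordinary sections."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    if packed:
        secs = [(b"UPX0", 0xF000, 0x1000, 0, 0x400),
                (b"UPX1", 0x6000, 0x10000, 0x5800, 0x400),
                (b".rsrc", 0x1000, 0x16000, 0x400, 0x5C00)]
    else:
        secs = [(b".text", 0x8000, 0x1000, 0x8000, 0x400),
                (b".rdata", 0x2000, 0x9000, 0x2000, 0x8400),
                (b".data", 0x1000, 0xB000, 0x400, 0xA400)]
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)     # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, len(opt), 0x0102)
    image = dos + b"PE\0\0" + coff + opt + b"".join(_section(*s) for s in secs)
    if packed:
        image += b"\0" * 16 + UPX_MARKER + b"\0" * 16     # UPX header block
    return image


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(True)
    print(upx_indicators(data))
```

Run it against the sample as `python upx_check.py NA_067870e427a45fexe_JC.exe` (file name assumed). When the tells are present, `upx -d` will usually restore the original image; when the stub or section names have been modified, which this signature also covers, `upx -d` refuses the file and the unpacked code has to be taken from memory after the stub has run, for which the memory dumps listed later in the report are the starting point.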

Processes

  • C:\Users\Admin\AppData\Local\Temp\NA_067870e427a45fexe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NA_067870e427a45fexe_JC.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:216
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2168
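
The process tree above is the evidence behind three of the signatures: the sample (PID 216) queries the location value, writes asih.exe to its own Temp directory, runs it (PID 2168) and writes into another process. The following is an added example, not code from the sandbox or this report, that replays a simplified trace against those three rules. The trace is constructed and modelled on the tree above; the event field names are the example's own schema, not a vendor format, and the exact registry value is an assumption (the report only says a country code is read from the registry).

```python
"""Replay a simplified sandbox trace against the report's behaviour rules.

Added example; not code from the sandbox or the report. TRACE is constructed,
modelled on the process tree in the report (PID 216 writes asih.exe and runs
it as PID 2168); the field names are this example's own schema.
"""

# Assumption: the location lookup reads this value (what GetUserGeoID
# returns); the report only says "country code configured in the registry".
GEO_VALUE_SUFFIX = r"control panel\international\geo\nation"

TRACE = [
    {"seq": 1, "event": "ProcessCreate", "pid": 216, "ppid": 4321,
     "image": r"C:\Users\Admin\AppData\Local\Temp\NA_067870e427a45fexe_JC.exe"},
    {"seq": 2, "event": "RegQueryValue", "pid": 216,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"seq": 3, "event": "FileCreate", "pid": 216,
     "path": r"C:\Users\Admin\AppData\Local\Temp\asih.exe"},
    {"seq": 4, "event": "ProcessCreate", "pid": 2168, "ppid": 216,
     "image": r"C:\Users\Admin\AppData\Local\Temp\asih.exe"},
    # constructed: the report does not name the WriteProcessMemory target
    {"seq": 5, "event": "WriteProcessMemory", "pid": 216, "target_pid": 2168},
    # benign control: unrelated process, never written by the sample
    {"seq": 6, "event": "ProcessCreate", "pid": 3000, "ppid": 4321,
     "image": r"C:\Windows\System32\notepad.exe"},
]


def detect(trace):
    """Return alerts in trace order; one dict per rule hit."""
    dropped = {}   # lower-cased path -> pid of the writer
    images = {}    # pid -> image path, for naming WPM targets
    alerts = []
    for ev in sorted(trace, key=lambda e: e["seq"]):
        kind, pid = ev["event"], ev["pid"]
        if kind == "FileCreate" and ev["path"].lower().endswith(".exe"):
            dropped[ev["path"].lower()] = pid
        elif kind == "ProcessCreate":
            images[pid] = ev["image"]
            writer = dropped.get(ev["image"].lower())
            if writer is not None:
                alerts.append({"rule": "Executes dropped EXE", "pid": pid,
                               "dropper": writer, "image": ev["image"],
                               "spawned_by_dropper": ev["ppid"] == writer})
        elif kind == "RegQueryValue":
            full = f'{ev["key"]}\\{ev["value"]}'
            if full.lower().endswith(GEO_VALUE_SUFFIX):
                alerts.append({"rule": "Checks computer location settings",
                               "pid": pid, "value": full})
        elif kind == "WriteProcessMemory" and ev["target_pid"] != pid:
            # Writes into another process are the IoC; self-writes are routine.
            alerts.append({"rule": "Suspicious use of WriteProcessMemory",
                           "pid": pid, "target_pid": ev["target_pid"],
                           "target_image": images.get(ev["target_pid"])})
    return alerts


def process_tree(trace):
    """pid -> (ppid, image), so an alert can be read against the tree above."""
    return {ev["pid"]: (ev["ppid"], ev["image"])
            for ev in trace if ev["event"] == "ProcessCreate"}


if __name__ == "__main__":
    for alert in detect(TRACE):
        print(alert)
```

The dropped-EXE rule keys on the written path rather than on the parent PID, so it still fires when the dropper hands the file to a scheduled task or another launcher; the `spawned_by_dropper` field records whether the direct parent relationship seen in this report also holds.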

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    40KB

    MD5

    524cd8c78a17febfc5b8bb9275a5677b

    SHA1

    9b8759e9d2d2ad52ee67370eec9566014702edfc

    SHA256

    e3459908f4c3f54372c4205a444a1757e2f731a9c3434bcb6c3ed2550345352c

    SHA512

    8776c75aeaa2ad74f7aa239c20974b4ebb8263c33edd614dd88a8eb4be8c9c645d18972929b5d4b7ea5ca201362fbb683cc2a3ccea195db73dcbcef5262c320b

  • memory/216-133-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/216-134-0x00000000005A0000-0x00000000005A6000-memory.dmp

    Filesize

    24KB

  • memory/216-135-0x00000000005A0000-0x00000000005A6000-memory.dmp

    Filesize

    24KB

  • memory/216-136-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

  • memory/216-150-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/2168-153-0x0000000000520000-0x0000000000526000-memory.dmp

    Filesize

    24KB

  • memory/2168-152-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

  • memory/2168-159-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB