Analysis
-
max time kernel
141s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
10-10-2023 13:02
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230831-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
tmp.exe
-
Size
186KB
-
MD5
9809924a1fb0082898813c23dbc84b24
-
SHA1
2ed5dd6107be77a09812f45993604ed496417d0b
-
SHA256
8183f3d03aabd24f00a14cdf4bd6e88c946bc3d2a17ed2368792426d32783e55
-
SHA512
8a244194152e98bc9839ce6246b78b82e909a9f2b31582a021644a86a3ae03df38ab688bd4561d81b9afcfddecb18b555d24a7d623d8f718eae3a62d56d15ad5
-
SSDEEP
3072:OPUq+jL3rWh716RfGYSeK95YWX2PaAlN4eT0FNaP0hBUxY3rC8XG4t7hXs+cCk3X:4K/3rUJYSx95YBfSrF8OaiusG6hXs/H
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
tmp.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Control Panel\International\Geo\Nation tmp.exe -
Suspicious behavior: EnumeratesProcesses 31 IoCs
Processes:
tmp.exepid process 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe 1788 tmp.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
tmp.exedescription pid process Token: SeDebugPrivilege 1788 tmp.exe