Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    10-10-2023 13:02

General

  • Target

    tmp.exe

  • Size

    186KB

  • MD5

    9809924a1fb0082898813c23dbc84b24

  • SHA1

    2ed5dd6107be77a09812f45993604ed496417d0b

  • SHA256

    8183f3d03aabd24f00a14cdf4bd6e88c946bc3d2a17ed2368792426d32783e55

  • SHA512

    8a244194152e98bc9839ce6246b78b82e909a9f2b31582a021644a86a3ae03df38ab688bd4561d81b9afcfddecb18b555d24a7d623d8f718eae3a62d56d15ad5

  • SSDEEP

    3072:OPUq+jL3rWh716RfGYSeK95YWX2PaAlN4eT0FNaP0hBUxY3rC8XG4t7hXs+cCk3X:4K/3rUJYSx95YBfSrF8OaiusG6hXs/H

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Suspicious behavior: EnumeratesProcesses 31 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1788-0-0x0000000000FA0000-0x0000000000FCF000-memory.dmp

    Filesize

    188KB

  • memory/1788-1-0x0000000000FA0000-0x0000000000FCF000-memory.dmp

    Filesize

    188KB

  • memory/1788-2-0x0000000000880000-0x0000000000B83000-memory.dmp

    Filesize

    3.0MB

  • memory/1788-3-0x0000000000FA0000-0x0000000000FCF000-memory.dmp

    Filesize

    188KB