58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664

Analysis

max time kernel
144s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2023 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
Size

1.9MB
MD5

20ec40cf51b72055a91e2233f901b82c
SHA1

d995f6af37a28ce912c2cdec74c8419fb22f9962
SHA256

58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664
SHA512

212afde272dd61b9f0ed78e18c818dbdd6c8bf8b8f149f342f69e20eaeb84a7c007b0819cfca51d83a250496d1883e86a0aee6516fd43c14445f4f94321cbad9
SSDEEP

49152:ozXeC3Q1XEEAQ55PAyNpmm4GUb66bjtzcqJ/JyGbzQ6:YtQ10EP55PAyl4bb6cthRyGY6

Score

8^/10

upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe

Executes dropped EXE 1 IoCs

pid	Process
4380	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe

Loads dropped DLL 2 IoCs

pid	Process
1456	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
4380	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe

UPX packed file 58 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1456-0-0x0000000000400000-0x00000000008FE200-memory.dmp	upx
behavioral2/memory/1456-6-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-8-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-9-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-7-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-11-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-13-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-15-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-17-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-20-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-23-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-25-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-28-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-30-0x0000000000400000-0x00000000008FE200-memory.dmp	upx
behavioral2/memory/1456-31-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-33-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-35-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-37-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-39-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-41-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-43-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-47-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-45-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-49-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-51-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-53-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-55-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/1456-56-0x0000000002E10000-0x0000000002E82000-memory.dmp	upx
behavioral2/memory/1456-61-0x0000000000400000-0x00000000008FE200-memory.dmp	upx
behavioral2/files/0x00060000000223f5-64.dat	upx
behavioral2/files/0x00060000000223f5-67.dat	upx
behavioral2/memory/4380-68-0x0000000000400000-0x00000000008FF200-memory.dmp	upx
behavioral2/memory/1456-69-0x0000000000400000-0x00000000008FE200-memory.dmp	upx
behavioral2/memory/4380-74-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-76-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/files/0x00060000000223f5-75.dat	upx
behavioral2/memory/1456-73-0x0000000002E10000-0x0000000002E82000-memory.dmp	upx
behavioral2/memory/4380-77-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-79-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-81-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-83-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-85-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-87-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-90-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-92-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-99-0x0000000000400000-0x00000000008FF200-memory.dmp	upx
behavioral2/memory/4380-101-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-103-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-106-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-110-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-114-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-119-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-122-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-127-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-129-0x0000000003010000-0x0000000003082000-memory.dmp	upx
behavioral2/memory/4380-130-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-131-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4380-135-0x0000000003010000-0x0000000003082000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1456	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
1456	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
1456	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
1456	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
4380	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
4380	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
4380	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
4380	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe

Suspicious behavior: RenamesItself 2 IoCs

pid	Process
1456	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
1456	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
1456	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
1456	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
1456	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
4380	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
4380	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
4380	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
4380	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
4380	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
4380	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 4380	1456	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe	96
PID 1456 wrote to memory of 4380	1456	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe	96
PID 1456 wrote to memory of 4380	1456	58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe	96

C:\Users\Admin\AppData\Local\Temp\58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
"C:\Users\Admin\AppData\Local\Temp\58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Users\Admin\AppData\Local\Temp\58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe
  "C:\Users\Admin\AppData\Local\Temp\58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe" 1456
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe

Filesize
1.9MB

MD5
eb46d105fb5dea11e7ab81df81657742

SHA1
b84b8031d2fc4afff405566a357f6c4e8b823e5c

SHA256
da9a50ad27c5667665f2c481199918a286d254668f8576e1a7906e80cac61526

SHA512
90109c5c4102abd3a44e6f6948bcdc7fc6a85eaf422dfe837eb3d24705848e8479c93447099ccfbe689ebcc0f35e66e40cbe34f38b744791c0bbb0e88bc7c2f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe

Filesize
1.9MB

MD5
eb46d105fb5dea11e7ab81df81657742

SHA1
b84b8031d2fc4afff405566a357f6c4e8b823e5c

SHA256
da9a50ad27c5667665f2c481199918a286d254668f8576e1a7906e80cac61526

SHA512
90109c5c4102abd3a44e6f6948bcdc7fc6a85eaf422dfe837eb3d24705848e8479c93447099ccfbe689ebcc0f35e66e40cbe34f38b744791c0bbb0e88bc7c2f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\58f9600be17409013e538296cfa6ae26d25bbf5b255be827bc03aad5f9e38664.exe

Filesize
1.9MB

MD5
eb46d105fb5dea11e7ab81df81657742

SHA1
b84b8031d2fc4afff405566a357f6c4e8b823e5c

SHA256
da9a50ad27c5667665f2c481199918a286d254668f8576e1a7906e80cac61526

SHA512
90109c5c4102abd3a44e6f6948bcdc7fc6a85eaf422dfe837eb3d24705848e8479c93447099ccfbe689ebcc0f35e66e40cbe34f38b744791c0bbb0e88bc7c2f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\iext1.fnr.bbs.125.la

Filesize
724KB

MD5
a96fbd5e66b31f3d816ad80f623e9bd9

SHA1
4eda42260bd3eb930cd4eafd7d15c6af367bcf18

SHA256
2e67ba278646fde95bb614dcbcc7da1c6bf7976c918b2c6ad3d78640000326f3

SHA512
43921107313775ea14b1bd33cf758c13798f4fa1c1074771c1c96b1b43b98f3416d249ed8ab3171383772d0054829c3754a91b5e94135f1df6d67a76f599c80e

Download Submit
C:\Users\Admin\AppData\Local\Temp\iext1.fnr.bbs.125.la

Filesize
724KB

MD5
a96fbd5e66b31f3d816ad80f623e9bd9

SHA1
4eda42260bd3eb930cd4eafd7d15c6af367bcf18

SHA256
2e67ba278646fde95bb614dcbcc7da1c6bf7976c918b2c6ad3d78640000326f3

SHA512
43921107313775ea14b1bd33cf758c13798f4fa1c1074771c1c96b1b43b98f3416d249ed8ab3171383772d0054829c3754a91b5e94135f1df6d67a76f599c80e

Download Submit
C:\Users\Admin\AppData\Local\Temp\iext1.fnr.bbs.125.la

Filesize
724KB

MD5
a96fbd5e66b31f3d816ad80f623e9bd9

SHA1
4eda42260bd3eb930cd4eafd7d15c6af367bcf18

SHA256
2e67ba278646fde95bb614dcbcc7da1c6bf7976c918b2c6ad3d78640000326f3

SHA512
43921107313775ea14b1bd33cf758c13798f4fa1c1074771c1c96b1b43b98f3416d249ed8ab3171383772d0054829c3754a91b5e94135f1df6d67a76f599c80e

Download Submit
memory/1456-31-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-43-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-15-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-17-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-20-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-23-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-25-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-28-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-30-0x0000000000400000-0x00000000008FE200-memory.dmp

Filesize
5.0MB

Download
memory/1456-0-0x0000000000400000-0x00000000008FE200-memory.dmp

Filesize
5.0MB

Download
memory/1456-33-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-35-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-37-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-39-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-41-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-6-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-47-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-45-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-49-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-51-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-53-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-55-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-69-0x0000000000400000-0x00000000008FE200-memory.dmp

Filesize
5.0MB

Download
memory/1456-61-0x0000000000400000-0x00000000008FE200-memory.dmp

Filesize
5.0MB

Download
memory/1456-11-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-7-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-56-0x0000000002E10000-0x0000000002E82000-memory.dmp

Filesize
456KB

Download
memory/1456-13-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-9-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-8-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1456-73-0x0000000002E10000-0x0000000002E82000-memory.dmp

Filesize
456KB

Download
memory/4380-130-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-76-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-74-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-77-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-79-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-81-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-83-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-85-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-87-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-90-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-92-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-99-0x0000000000400000-0x00000000008FF200-memory.dmp

Filesize
5.0MB

Download
memory/4380-101-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-103-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-106-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-110-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-114-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-119-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-122-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-127-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-129-0x0000000003010000-0x0000000003082000-memory.dmp

Filesize
456KB

Download
memory/4380-68-0x0000000000400000-0x00000000008FF200-memory.dmp

Filesize
5.0MB

Download
memory/4380-131-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4380-135-0x0000000003010000-0x0000000003082000-memory.dmp

Filesize
456KB

Download