Analysis
-
max time kernel
146s -
max time network
167s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
19-12-2023 10:50
General
-
Target
0d0a2208b855c142ebf061536d70913e.exe
-
Size
15KB
-
MD5
0d0a2208b855c142ebf061536d70913e
-
SHA1
1787cbd5f208f3a7de7eee3cd4c3a5e55a590845
-
SHA256
6f562ae1d100954112f4db3f5ea6f3ae6a381b6669e3278cfa1b72f28cd5e720
-
SHA512
2c438688b3c493ccffb3962d13e9bc4620ef8351a905acfff6c0d038a5ff379260cad193575f607b73159ab9f5b5742ca605da92f4315cbc83fec8545059e405
-
SSDEEP
384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYltrA:hDXWipuE+K3/SSHgxmltrA
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0d0a2208b855c142ebf061536d70913e.exe"C:\Users\Admin\AppData\Local\Temp\0d0a2208b855c142ebf061536d70913e.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DEM93B0.exe"C:\Users\Admin\AppData\Local\Temp\DEM93B0.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DEM4C13.exe"C:\Users\Admin\AppData\Local\Temp\DEM4C13.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DEMA4A3.exe"C:\Users\Admin\AppData\Local\Temp\DEMA4A3.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DEMFC87.exe"C:\Users\Admin\AppData\Local\Temp\DEMFC87.exe"5⤵
- Executes dropped EXE
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
15KB
MD5727ca2712aed7dd14ffd5f46dc31b079
SHA187d32a8e731a22c394276075970acf791559f0ed
SHA256fbdced73d6f82de901945792e01d2176af5955e5dc8168762476f4fd1a8787dd
SHA5128d272379b30c01e790e4bc05200f5c7d1abd11b2c9f1ade8c637bd1e98295a96b580a265b83590efc8b3c88db6907aae73d27fa085db8b4f12f0febfe71ab911
-
Filesize
15KB
MD5bd14b95201ee2df25042e65e882e282b
SHA1d793acdae70b3230a4619d89355b120b5c5afb65
SHA2560af5d3cdc31895d1b932850015204d7453f91df38608dd2096834f004200a0ba
SHA512219246efd1a6f4f7286ee6996c9d653af33643038a5347ae1068c6a2d07283264fd5c18319d837d93e5c22193c45cccfef571b50d6428202f3c094f0f41e75dd
-
Filesize
15KB
MD549e025bc277b3dc5a3f8b5b002765335
SHA14d713bb1abae3d16720214aedbb1b627450ae704
SHA256f1b673297b00bec69d053276aa1c09c81b48f35cfa4b0bf6d19386383bfd2f60
SHA5121dab706a8fa07da1db1c71a9e295c9b5f0aaf3e61297464f70e2b572eaff649762fa3a3e2c9f4c4267f0cbaa7794ccf79524c00f8caa6d602d41ebcd5140a74d
-
Filesize
15KB
MD5c9891f892199ae0af96d127108b18306
SHA1d3fca97e4dd4531590b29f0c148d1bc58e364777
SHA256788b5253fc2455f4802d93d1bb6af6eea12b730272cb0bae2144432911b554f0
SHA5127284a958f068c51bf263e389a84678f9d4b7e4a8f61e774f59f2b6a45e1e6a14c09a899b06d2cd158e56bc5de63a5d15e65f99c85271536b6ea9bccdde2d5f87