edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52

Analysis

max time kernel
124s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/12/2023, 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52.exe
Size

172.4MB
MD5

f399dbd5a45a9104834df5b169466185
SHA1

02ee3e5d62f525d3ff7eccf55b9fe82157fee74c
SHA256

edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52
SHA512

218185a3f10cc236490f55514043238702b0f026b0c75af469f3b94e5f01f43322b6b78abca712bda89fb373fbcc71d2aa7cc9aeaaa8a572ccce9e0837cbd779
SSDEEP

1572864:mR7mcP7wZ6drTmRZYdWJq0k8tpYEXuhbp1I:mR7mchTmEdWJg38iw

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation	edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52.exe

Loads dropped DLL 3 IoCs

pid	Process
2388	edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52.exe
2388	edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52.exe
2388	edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2388	edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52.exe

C:\Users\Admin\AppData\Local\Temp\edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52.exe
"C:\Users\Admin\AppData\Local\Temp\edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.net\edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52\vLDZDPNlyQMUGXKaD1BZsXzJcevyk0U=\D3DCompiler_47_cor3.dll

Filesize
4.7MB

MD5
03a60a6652caf4f49ea5912ce4e1b33c

SHA1
a0d949d4af7b1048dc55e39d1d1260a1e0660c4f

SHA256
b23e7b820ed5c6ea7dcd77817e2cd79f1cec9561d457172287ee634a8bd658c3

SHA512
6711d40d171ea200c92d062226a69f33eb41e9232d74291ef6f0202de73cf4dc54fbdd769104d2bb3e89dc2d81f2f2f3479e4258a5d6a54c545e56b07746b4c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52\vLDZDPNlyQMUGXKaD1BZsXzJcevyk0U=\PresentationNative_cor3.dll

Filesize
1.2MB

MD5
8ec1be06c7e18ed1a28d79aa5999434f

SHA1
d679bc3271655937a640cdf189ad9dcde229d34c

SHA256
f8f7b44f05a9ec52f7b4eec1ab31983bec5f9a32b3ea6a06d50c450c29a4f99f

SHA512
2ee7dde3116d25c6110cf3180204d9d59c63b1937ce1cd2f7bb7e8b7b4666c28919a1f7f8fbe084f1da60e5215db95b54e109015bf0c5fd1779c00b56b62a5f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52\vLDZDPNlyQMUGXKaD1BZsXzJcevyk0U=\wpfgfx_cor3.dll

Filesize
1.9MB

MD5
92bc028e71a47517b4d2f6bbf6c16398

SHA1
4f900585292493cca76019bc3e9b65349d3f66d7

SHA256
cc705e2a05d89be5ed088bb6167f95e66742dd59db7dcfee79e66de26355e732

SHA512
3fba8f8af166bb01d953bf5676e18bdd3669f744d38f4d647d6987299890f8b3a2ae5d23d00970bc570f1af7eb843dc989f9b32f2f7d2bb5fee6d0170745e2b2

Download Submit