389fa82fcfb52aaeedfc12b9ab8c124e3b21d7ebe39ef7d40cf2177977932fc6

Analysis

max time kernel
173s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

119e7bdc9df381b657cb7a0dde1bacae.exe
Size

110KB
MD5

119e7bdc9df381b657cb7a0dde1bacae
SHA1

429e910f0489dcbbd15b97c9c831380661a41ee5
SHA256

389fa82fcfb52aaeedfc12b9ab8c124e3b21d7ebe39ef7d40cf2177977932fc6
SHA512

9a8706bd0f3469f2bba6c8b071b6160b184b3c23e752c1026c7956ad11f2f5a219f215786702b0beda3c459d45eef810455d364caa3df78d2da817ec4362f8e7
SSDEEP

1536:AUAdaM1qL7ZpRlu7XqCvO1/WYBpR6kS/Vqy9DhAobOBUFQX1nqz:A9djM3u7Xq1BPy3hoUFkpq

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Control Panel\International\Geo\Nation	119e7bdc9df381b657cb7a0dde1bacae.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2572	2052	119e7bdc9df381b657cb7a0dde1bacae.exe	100
PID 2052 wrote to memory of 2572	2052	119e7bdc9df381b657cb7a0dde1bacae.exe	100
PID 2052 wrote to memory of 2572	2052	119e7bdc9df381b657cb7a0dde1bacae.exe	100

C:\Users\Admin\AppData\Local\Temp\119e7bdc9df381b657cb7a0dde1bacae.exe
"C:\Users\Admin\AppData\Local\Temp\119e7bdc9df381b657cb7a0dde1bacae.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Urb..bat" > nul 2> nul
  2⤵
  PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Urb..bat

Filesize
210B

MD5
7dab95afe4878f926a4ffa86a3697a83

SHA1
74c578f5a29ea043409ee7afd6be316343c496a9

SHA256
78d8b0cba539effba0052379e61bcb4dcb2fa6187bc44b10b46fd0bdeb8ac45a

SHA512
ea888afd8e9f78d43b036c98f4e818028813ddf0cab29f028eacfc650d98d2f59e4345fa017939115fcb5be6774fdfe1117d0bd2c9adffbdd3698c194399578e

Download Submit
memory/2052-0-0x0000000000FE0000-0x0000000000FF4000-memory.dmp

Filesize
80KB

Download
memory/2052-1-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2052-3-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2052-4-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download