8a80ee66fbdd3f9a8099007a42e8eb0e2927b5d3ba613aad59fa55dd76241640

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

119f8975b175c5515d79d6395cf666c7.exe
Size

121KB
MD5

119f8975b175c5515d79d6395cf666c7
SHA1

5376fe33028c722580de65019022adf4e39128ac
SHA256

8a80ee66fbdd3f9a8099007a42e8eb0e2927b5d3ba613aad59fa55dd76241640
SHA512

ac28bb08022eac6c2013d0323c2adce2190b8f91e13098031ebb0cf3c505e4669114fec700d35dcd924ff22223d166e3e984629514b1f7692582a0d139347a8b
SSDEEP

1536:iUK3ATn6Q1w6ZnBbWxu5hb86HTU879i0PORJrqpzuQfVH+:SwTJPl9Wxuw6HTqR4pV

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\International\Geo\Nation	119f8975b175c5515d79d6395cf666c7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 3196	3560	119f8975b175c5515d79d6395cf666c7.exe	65
PID 3560 wrote to memory of 3196	3560	119f8975b175c5515d79d6395cf666c7.exe	65
PID 3560 wrote to memory of 3196	3560	119f8975b175c5515d79d6395cf666c7.exe	65

C:\Users\Admin\AppData\Local\Temp\119f8975b175c5515d79d6395cf666c7.exe
"C:\Users\Admin\AppData\Local\Temp\119f8975b175c5515d79d6395cf666c7.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Akp..bat" > nul 2> nul
  2⤵
  PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Akp..bat

Filesize
210B

MD5
7b75ffbc3a4112a2c7e22b1848f4d37d

SHA1
cb605858c57ee60065697015d2d5eb77be919452

SHA256
03c24c56bbe88e7899739390ff77206b86f1e6d6f85dd453169a9d3c4fd9c0c9

SHA512
78e868b3bfc03de7ff206699c8bc14410dc78daea3a9502e3953e7ea8f34742e95be6d8927086b5b2487f785cc3601f31071c529b740aa5d4fdaaafe911c1795

Download Submit
memory/3560-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/3560-2-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/3560-1-0x00000000001D0000-0x00000000001DF000-memory.dmp

Filesize
60KB

Download
memory/3560-4-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download