Overview

overview

8

Static

static

3

RUSSKAYA-GOLAYA.exe

windows7-x64

8

RUSSKAYA-GOLAYA.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 23:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RUSSKAYA-GOLAYA.exe

  • Size

    238KB

  • MD5

    356b69500eca08b5e00fce6e11922f63

  • SHA1

    4132beec4d338f4cbcc06c3b0f4d6ed4337c62dc

  • SHA256

    08589e58ed2af1994ca1c816768e5f2a042b0ec7186d2c673a4b5f754f5453f0

  • SHA512

    f34ba040b04feaed119281bf592e57d6bd00bed0f19ed2fc5644ce286321af0127fcebb1233c4c7d5f20f0f85d0be73b6a60164aa5ab515a7b3332af7100018d

  • SSDEEP

    6144:MbXE9OiTGfhEClq9528TfdRoWRg+lNEAJJUm:oU9XiuiJ8DRxl3

Score
8/10
discovery

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Drops file in Drivers directory 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RUSSKAYA-GOLAYA.exe
    "C:\Users\Admin\AppData\Local\Temp\RUSSKAYA-GOLAYA.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4016
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\sri teplim kalom\singaraja eto les\fresh_meamings_cold_not_to_be_hero.bat" "
      2⤵
      • Drops file in Drivers directory
      • Drops file in Program Files directory
      PID:4576
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\sri teplim kalom\singaraja eto les\sleep_my_darling_sleppp.vbs"
      2⤵
      • Blocklisted process makes network request
      • Drops file in Drivers directory
      PID:4264

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\sri teplim kalom\singaraja eto les\fresh_meamings_cold_not_to_be_hero.bat
    Filesize

    1KB

    MD5

    145be08a3a04bebad33b7816f025b4b4

    SHA1

    f1e01e5d7d0628bd7fe21a62f71800ec6a89b06b

    SHA256

    ea9f727bc90fa8586d0f53ed7d9327b1bc1d2a931c7f1cae5e2b43f0e785683a

    SHA512

    b34998bf04447b8773fee8ca28ad78158b3062de407cc95611a0e388dba1070529714ef3051779e5316b1bb0654110d5954db77dd86e77d44c7221847c17d35f

    Download Submit

  • C:\Program Files (x86)\sri teplim kalom\singaraja eto les\net_v_zizni_nehera_etogo_kak_ego_o_stastia.jog
    Filesize

    97B

    MD5

    3807e1f3cb6ac7e9c85010cdcd2f1f45

    SHA1

    777efdef5312f5cc7631ade918101598b9db0987

    SHA256

    5b6842d21454ad96181462652e7c62ad19151a09aaeada14cdc3e1d1784cc637

    SHA512

    aa15e58fb0beb18ac94d1712b60d8162229983aa7155a859b8f978f8c9dc467b67d7b2eee9e9cb8835692691342c4ace9621ebd56bd83a4eeb0d6deba5671d40

    Download Submit

  • C:\Program Files (x86)\sri teplim kalom\singaraja eto les\sleep_my_darling_sleppp.vbs
    Filesize

    1KB

    MD5

    7348acb8d780feba3362703a13ec0b43

    SHA1

    cf978c4890e8e3c4bd31fddf6f9d06f66019a546

    SHA256

    664648d53f9ed92cc20f06d9b479231842ad24a94d59858ec59b8a8abfaa5a08

    SHA512

    7f2020aa6c63b50d29781a0eebf450df65e5121dd400d2f7372659933890e3347c8a1cfcc9f5cff149a29165689f3d7570c20abf545dd12c2e9f835add547777

    Download Submit

  • C:\Windows\System32\drivers\etc\hosts
    Filesize

    1KB

    MD5

    b4434980101442bcce3e0b0f6d12d743

    SHA1

    1a68111eba898c9b337b1dcd8cd803e339df5335

    SHA256

    9e8f7c183744c28ee7e84f2804a12185b1d330e25a929dd71c1adee6f6dbfb93

    SHA512

    86fc9e287d669446159989e463774cba0a5105c5394231782f41fd61cb41647ab48b4d773de11e06538721c4b10900548ac328e38fbfac217927dd9f9fdf9941

    Download Submit

  • memory/4016-39-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/4016-41-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download