Analysis
-
max time kernel
30s -
max time network
174s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-12-2023 03:30
General
-
Target
032ee518339bc35f1f173a29b105223a.exe
-
Size
232KB
-
MD5
032ee518339bc35f1f173a29b105223a
-
SHA1
3c0fe54528a768d1e22f14e0be4b2864c0911fd0
-
SHA256
8f9a34842656bb5d15f2be00582723e641eb7d9208e3c34569108e4d8da34f00
-
SHA512
f6baf47bbdab3a50476025edef78c0ba608e9ba9a758dce6368b73a590c387e721b53eba759a05ce9200e8b55c490131f11612eca1fefaae9ee9bd89c91a4761
-
SSDEEP
3072:dccx9+/Qwpvznz1NK/z1WdAwKh4aqosAm+wlO:qNz1NK/zEdBKh4aqosAm+w0
Score
10/10
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 11 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 30 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\032ee518339bc35f1f173a29b105223a.exe"C:\Users\Admin\AppData\Local\Temp\032ee518339bc35f1f173a29b105223a.exe"1⤵
- Modifies visiblity of hidden/system files in Explorer
- Checks computer location settings
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\cayag.exe"C:\Users\Admin\cayag.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-