Analysis

  • max time kernel
    201s
  • max time network
    210s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 02:17

General

  • Target

    4c21173ffd09f0d9b4ee2f1ecde02fbe.exe

  • Size

    156KB

  • MD5

    4c21173ffd09f0d9b4ee2f1ecde02fbe

  • SHA1

    232043f5a130c8e06d5d410446bc8250cec7ad3a

  • SHA256

    37c309446f0d20c260dca6767a84fb25e9d93a0488ef5d0505a438f09c8e121b

  • SHA512

    741d93d47cd51453e3278925637647a00b0f3372859f1260328603658c0741482c63d47de99babe29b0375b896e89a64f5214fb6bd473703a8c5dbcc29fa539f

  • SSDEEP

    3072:NsTe4Vcx8jeFvB0Z/I8xSFJKxr2CrIL3NoF0:KmIcvqVuJyr2CML3+i

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c21173ffd09f0d9b4ee2f1ecde02fbe.exe
    "C:\Users\Admin\AppData\Local\Temp\4c21173ffd09f0d9b4ee2f1ecde02fbe.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4572
    • C:\Users\Admin\geeemon.exe
      "C:\Users\Admin\geeemon.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\geeemon.exe

    Filesize

    156KB

    MD5

    c473863edac7e2313d5734f8cbe1c0a4

    SHA1

    e3dcc36f0ff495805d7dcfd9282fd5b5ddec4053

    SHA256

    90743f0f369c934fb7a98f37e37d35b614d6f77b2c6e1464eee43c521b0509ee

    SHA512

    bc4edbd94e02fa3f8c454108def1c9bf0188d328964a7d126dd39d843477b01127a2c6afbd6b6c01a9e61463b57c46e987856d6dbef441e708e9a0fba262bf9c