Analysis
-
max time kernel
147s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
26/12/2023, 11:54
General
-
Target
6c67bdec0044352c877a585b4a4f5774.exe
-
Size
3.1MB
-
MD5
6c67bdec0044352c877a585b4a4f5774
-
SHA1
36ebc891e438fb2c65b00f61fbccf6b49ef3659f
-
SHA256
e05273d47b94ed4314394c0f861d1b91d345656aa5ba8fb4efc528f2e1ab57d6
-
SHA512
dfcf90eba7f4048603b4d3cd4404692c3703a7c1fddc39375ad311de0ee80cc61b093fe0bed66c423f363018cc341dfabf44fed60046eeb2ff75df3fed9937b7
-
SSDEEP
49152:O9fthFA9eOU75nADnIIXvqpY2qyL8vKBhRYBXIlJBQamuiQVlkH1b8LUVW:otvO+Vr2vqRL8iBzY6lTCVIlk8IW
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 3 IoCs
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6c67bdec0044352c877a585b4a4f5774.exe"C:\Users\Admin\AppData\Local\Temp\6c67bdec0044352c877a585b4a4f5774.exe"1⤵
- Checks computer location settings
- Drops startup file
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe"2⤵
- Drops startup file
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.1MB
MD56c67bdec0044352c877a585b4a4f5774
SHA136ebc891e438fb2c65b00f61fbccf6b49ef3659f
SHA256e05273d47b94ed4314394c0f861d1b91d345656aa5ba8fb4efc528f2e1ab57d6
SHA512dfcf90eba7f4048603b4d3cd4404692c3703a7c1fddc39375ad311de0ee80cc61b093fe0bed66c423f363018cc341dfabf44fed60046eeb2ff75df3fed9937b7
-
Filesize
36KB
-
Filesize
36KB