Analysis

  • max time kernel
    175s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/12/2023, 16:03

General

  • Target

    7b2c83e6ce54abf1ffeca39c02ef6378.exe

  • Size

    176KB

  • MD5

    7b2c83e6ce54abf1ffeca39c02ef6378

  • SHA1

    169bde615dd6b634a503a2ed5d9b75d656f1bda2

  • SHA256

    4a352be73356af419b78463a95d2ca6cf4799c89ac92f87a581ee50bb08fb69c

  • SHA512

    dbd4e112f1e9a99a54dd6e5ceea3a3003325f2cb0a7a1bea9c32b85e19f5bedaec584f83b151b5c14a84972bfa4cbaa7f5dc0405e3c48a47f2679704dd8f079c

  • SSDEEP

    3072:6RlNSIcEGROnF5grgPmCXMNKiqMdMZZZZWMkIJOh:6g5tEMNIMdHYC

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b2c83e6ce54abf1ffeca39c02ef6378.exe
    "C:\Users\Admin\AppData\Local\Temp\7b2c83e6ce54abf1ffeca39c02ef6378.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\Users\Admin\reasaez.exe
      "C:\Users\Admin\reasaez.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4516

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\reasaez.exe

    Filesize

    176KB

    MD5

    0e89fa5414591435ff15222f4c19767c

    SHA1

    16a01a1fdb03783b06d125104a96d7f701d97c89

    SHA256

    66110cc8eefb2f8c63a03d2c3bf2229bd6d1c5eb07d842eeb18001ec7125195c

    SHA512

    b80a2eb01b2018b23265a5a59acb0536986ef6632d05d4db831aa191740518083dffa464ae0eb0dc613e64c5e959044b36a375fa769c9cbacb9de09a9c587bca

  • C:\Users\Admin\reasaez.exe

    Filesize

    31KB

    MD5

    fb726d36519e08445ff60ab352ca5a4f

    SHA1

    dbe3aae43b024e877b69e16de8b6f2e72a962aa8

    SHA256

    e8aa9072215027ad5035d7e9385f5ff2af7d6a3686128815b6c7e5c8c7d2faf5

    SHA512

    68ed5afb436a644c37f1aef1f76bed58864e797bc89a013996456bcbec9a6d2adf7f7c051284bee77dbd7052138cba4df28199d0eac8a2f7143f38a544d5713c

  • C:\Users\Admin\reasaez.exe

    Filesize

    81KB

    MD5

    ad6e6175939267da66d1d278236fff3f

    SHA1

    ff3012fb4131da9b71f0815d589e8328a65a8e0d

    SHA256

    c10e533b01691d8bd8842198c5728e0f79837bd8ff2b6a6f2679f9a4ab3597f7

    SHA512

    c3e45d5ef69c9bbc57108560fd02ecc45b713c40a64183599738947e7cceb835740e1769c3931dc2be686362754840a54e308fd12b81b6e22b5b24c83aa84a5d