b24e1c522e4cde05978e17faa213ba34b0547b5aab4e9c3f318fc935516f01e1

Analysis

max time kernel
0s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f660b7279e4613eaa2f18e55a0954bcc.exe
Size

2.0MB
MD5

f660b7279e4613eaa2f18e55a0954bcc
SHA1

eda18cc4e4774885bfaae2c6ea4ae2f5e49c0690
SHA256

b24e1c522e4cde05978e17faa213ba34b0547b5aab4e9c3f318fc935516f01e1
SHA512

23a05ae4915cd807520bcb4ccdafc0e0fb0a5339e946ed628d25d6e6c650628bd38f886392f828c2f70628713c3fe703eee5551676c054173218aa5b4e874670
SSDEEP

3072:Cqu7aslM9lhLElGtSIs48417nFdcQ4FdHLDC62ftOS2N:CqrK

Score

7^/10

upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	f660b7279e4613eaa2f18e55a0954bcc.exe

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2396-23-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2396-22-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2396-21-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2396-18-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2396-56-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2396-66-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2396-205-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2396-305-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2396-582-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2396-1100-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2396-1157-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2396-1195-0x0000000000400000-0x000000000043F000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3864	f660b7279e4613eaa2f18e55a0954bcc.exe

C:\Users\Admin\AppData\Local\Temp\f660b7279e4613eaa2f18e55a0954bcc.exe
"C:\Users\Admin\AppData\Local\Temp\f660b7279e4613eaa2f18e55a0954bcc.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3864
- C:\Users\Admin\E696D64614\winlogon.exe
  "C:\Users\Admin\E696D64614\winlogon.exe"
  2⤵
  PID:4684
- - C:\Users\Admin\E696D64614\winlogon.exe
    "C:\Users\Admin\E696D64614\winlogon.exe"
    3⤵
    PID:2396

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:1108

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
PID:1940
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:17410 /prefetch:2
  2⤵
  PID:4036
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:17424 /prefetch:2
  2⤵
  PID:5116
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:17430 /prefetch:2
  2⤵
  PID:916
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:82952 /prefetch:2
  2⤵
  PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
637a0ea07c064abb437d2d8ba97d3123

SHA1
72dd391699cd69a5434c944123515c237926fa06

SHA256
90f1055f9820d82840e6e43fe8769b5eaed82577469630f3aef5c2ba91f8bc56

SHA512
a02e289b37fd2455613a84e306cb1eed7caacb7f9fc7f4190348f2074a0671c9d951378552ee925b994222f459595aa1427b2d6b543fa333837eb043a9b42721

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
3bc6b1c5ff5124c4dbf22cfa3927deda

SHA1
bcf1a913e4b21f77966bdcfdfad44876f12fb242

SHA256
62bfa1d0abe1d8af115398c6bb7485a70e6094f4bd5dcdfe7b4b21dde070cef3

SHA512
ca0126e204f37e91b59fce054c6c5cbf694d32cf4483081e7badb0b6e1f961315cc692b4eecf64f363492ed3613f33fc27f3b9b74397cb59a09b6650070b947f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verF5BA.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\api[1].js

Filesize
850B

MD5
3b2e99294f82f2ba64c2ca33c8b607e1

SHA1
991dabc70bbdc7e83b422f16044866e286bba07f

SHA256
5c233ff100be4a898501dd4838cca4ecf914eb5926cc287416793208eed9d151

SHA512
ce5f2e9e1caef7b744767386e8e10273703d6856590b6b8f812ee73fc4aaa53319f12b8c42ce087448ebf11766dd27ed8376786d741a8ebc37c24450a9545e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\zyw6mds[1].css

Filesize
1KB

MD5
4c2e266587bb622926747856f9bdb65d

SHA1
16999e0d2a01b96b70a0ef191461388c5047f1ed

SHA256
cfddcd1ab28963d8219ef42d0b455b1e062521bfe7b100d4c47e0b9dd0a79023

SHA512
c9526cd6537aa068b48641fd2dfb93843fc5f535faa4cd856d4d3427c8f1e97d79c969215a9291fd50a96597c43dba3c45a3fe2ad32c78677e38f93dbfc32ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SB302YPZ\css[1].css

Filesize
530B

MD5
0a127ad39a8ebe4207492293b556adf6

SHA1
17d3dad64e4f9139cfb85bbcca6659a8aa532a48

SHA256
c1294965425b5028a83bbe5eeed0cd9b92733ec41efd07e34532522d4c97b6e1

SHA512
5aa845c5c6c20259d9c6bc0c9fdbd13ff178ba4008865f7113387767db0ad39cd53c1d276cfa4997186fd39f21d30bf00caf8d092e5c04119d992368b1563df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SB302YPZ\domain_profile[1].htm

Filesize
6KB

MD5
4620ac966a9202b5dc4b986f2b2771bd

SHA1
d8de185a78e6c8a04e43f48f02ef4896d6f34691

SHA256
2e6ff6e0253236e8d211cfee2543d0a1602b654ca663fb47b5976f01c60633d4

SHA512
4415dc95f9228c5b84c14b4364724ce58726e0197d9e90a2ce9163207184802aa7ede1fed1944c5335a131972bf2b8f0e3e7308e8d7139c469d9b3935ce977bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SB302YPZ\reboot.min[1].css

Filesize
3KB

MD5
51b8b71098eeed2c55a4534e48579a16

SHA1
2ec1922d2bfaf67bf3ffabe43a11e3bf481dc5d7

SHA256
bd78e3bcc569d029e7c709144e4038dede4d92a143e77bc46e4f15913769758b

SHA512
2597223e603e095bf405998aacd8585f85e66de8d992a9078951dd85f462217305e215b4828188bf7840368d8116ed8fb5d95f3bfab00240b4a8ddab71ac760d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SB302YPZ\styles__ltr[1].css

Filesize
55KB

MD5
eb4bc511f79f7a1573b45f5775b3a99b

SHA1
d910fb51ad7316aa54f055079374574698e74b35

SHA256
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

SHA512
ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SB302YPZ\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\jquery.fancybox.min[1].css

Filesize
12KB

MD5
a2d42584292f64c5827e8b67b1b38726

SHA1
1be9b79be02a1cfc5d96c4a5e0feb8f472babd95

SHA256
5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0

SHA512
1fd8eb6628a8a5476c2e983de00df7dc47ee9a0501a4ef4c75bc52b5d7884e8f8a10831a35f1cdbf0ca38c325bf8444f6914ba0e9c9194a6ef3d46ac348b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\style[1].css

Filesize
52KB

MD5
33bcd622113686c1e310d70424a1a30c

SHA1
96d2171b0dd27c27f8fb473ba6247954757475a4

SHA256
af5d660985a7db5af10cb3c4300c72924274fbcb5ba14c75ab7c6a75071619d7

SHA512
c57137ec464783745074cc4d1599064234204822fd8b2b4ae6459dccbc29c2b920764e03b4e6c0a1fc51ab133c298bd07bdeafad757991996510e8d7691cddbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\t[2].gif

Filesize
49B

MD5
56398e76be6355ad5999b262208a17c9

SHA1
a1fdee122b95748d81cee426d717c05b5174fe96

SHA256
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

SHA512
fd8b021f0236e487bfee13bf8f0ae98760abc492f7ca3023e292631979e135cb4ccb0c89b6234971b060ad72c0ca4474cbb5092c6c7a3255d81a54a36277b486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W8BIYKF7\domain_profile[1].htm

Filesize
6KB

MD5
b4df8052690bf9f58a8ed59598c812cd

SHA1
0b5ae12310756995793f1b38f158c298385f4ece

SHA256
743d4c5a416b66ecd2c57e03fbd85415498e8505ef3d1d923c7287f798244d8d

SHA512
5b6fb6e519d9c59ddb0157af679aeff45d4b377dc03c9698e00e5e2a2acd79f9850a7327ab05dceceed01fc7ed36af6d0b68c21159c258fe8522219c1fd4dd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W8BIYKF7\p[1].css

Filesize
5B

MD5
83d24d4b43cc7eef2b61e66c95f3d158

SHA1
f0cafc285ee23bb6c28c5166f305493c4331c84d

SHA256
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

SHA512
e6e84563d3a55767f8e5f36c4e217a0768120d6e15ce4d01aa63d36af7ec8d20b600ce96dcc56de91ec7e55e83a8267baddd68b61447069b82abdb2e92c6acb6

Download Submit
C:\Users\Admin\E696D64614\winlogon.exe

Filesize
92KB

MD5
734744569041888334474d5cf41d6a09

SHA1
8bdc1dee6c04195861e0990c4d1f43b2196aa912

SHA256
3bed17a4da65b2f03f6d3100609aa563b1acdd8158fdd3ed1cb7f95a310884be

SHA512
33fd483d7b38c29f8f75190f4385371f68189a696b4427f6f5e5c09bf7271d872648905229ff96a4710077b03b48e9c6a3c5a617d731e399b9eb2fe474868d11

Download Submit
memory/2396-56-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-21-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-305-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-66-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-582-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-1267-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-18-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-205-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-22-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-23-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-1100-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-1157-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-1195-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3864-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download