Analysis
-
max time kernel
152s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
29/12/2023, 23:36
General
-
Target
072177c2336eca9ecbdaafab81b15564.exe
-
Size
49KB
-
MD5
072177c2336eca9ecbdaafab81b15564
-
SHA1
bb6fe3101e6fb7c30e23408d33ebc30833554ae9
-
SHA256
28fba337d7c68e0ae22ea99056cff6b6b7384006a0703761df7f6fd508b7e074
-
SHA512
2f25d7fb9b2bb9be1bbd8eed377b40cc48466384bc2f34a60b6fd3d3006b135b81c23e6ee46cfcc812b92dfdaf3e1916c4732586a31e66e628adb4f762f9f79e
-
SSDEEP
768:EyW1yBtObv0U/xwPp0EoooiYECG2nZF5sZVcmxMr:24Bobv7aB0EooYEC3rUVcYY
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\072177c2336eca9ecbdaafab81b15564.exe"C:\Users\Admin\AppData\Local\Temp\072177c2336eca9ecbdaafab81b15564.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zbhnd.exe"C:\Users\Admin\AppData\Local\Temp\zbhnd.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
49KB
MD5dda57ed41bc90e2d1e061c94a810ad6f
SHA1ee0d47f4e6c3c55c8dd1663d9882cfab14caf319
SHA256a28a3d27a1a53741870f6b7f17c65574c6a203191cee88c35567c9df97c21d06
SHA512008ef77bd34cc34bff4dfb0193fa20b42a95a80b48568950ace0abaf7e34edf9542fe18b7b43ff23f27c760a0ae8be37b731d4d9a7a058ba07b06879700b9001
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
36KB