4f4574ccbc6baaf6b9f2ae700b697b06e06285b75b0197cfaba3842b045fb3fe

Analysis

max time kernel
154s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d5727122e4fed3568c1902eac9f282c.exe
Size

1.2MB
MD5

1d5727122e4fed3568c1902eac9f282c
SHA1

3fc68e609bf8d03d96b1b8efe750639abf6c2e35
SHA256

4f4574ccbc6baaf6b9f2ae700b697b06e06285b75b0197cfaba3842b045fb3fe
SHA512

ffb3164051a5dd24b9d5829c2615cebad872d88dce49941f5e2dbaac16c9653d981d3dce3cd30d0ebcb7c3e68342fb680511093abaab8d33c631d16755208ea7
SSDEEP

24576:vuQkTf4AFPq7Ic5EKaxkfuw4EssrK0UI3FNRK:ZkTgAOskftTsf0UI3tK

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation	1d5727122e4fed3568c1902eac9f282c.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5008	1d5727122e4fed3568c1902eac9f282c.exe

C:\Users\Admin\AppData\Local\Temp\1d5727122e4fed3568c1902eac9f282c.exe
"C:\Users\Admin\AppData\Local\Temp\1d5727122e4fed3568c1902eac9f282c.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5008-0-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-7-0x0000000076AD0000-0x0000000076BC0000-memory.dmp

Filesize
960KB

Download
memory/5008-9-0x0000000076AD0000-0x0000000076BC0000-memory.dmp

Filesize
960KB

Download
memory/5008-5-0x0000000076AD0000-0x0000000076BC0000-memory.dmp

Filesize
960KB

Download
memory/5008-11-0x0000000000530000-0x0000000000540000-memory.dmp

Filesize
64KB

Download
memory/5008-13-0x0000000076AD0000-0x0000000076BC0000-memory.dmp

Filesize
960KB

Download
memory/5008-15-0x0000000000530000-0x0000000000540000-memory.dmp

Filesize
64KB

Download
memory/5008-14-0x0000000000530000-0x0000000000540000-memory.dmp

Filesize
64KB

Download
memory/5008-16-0x00000000754C0000-0x0000000075A71000-memory.dmp

Filesize
5.7MB

Download
memory/5008-18-0x00000000754C0000-0x0000000075A71000-memory.dmp

Filesize
5.7MB

Download
memory/5008-17-0x0000000000D60000-0x0000000000D70000-memory.dmp

Filesize
64KB

Download
memory/5008-19-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-20-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-21-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-22-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-23-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-24-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-25-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-28-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-29-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-30-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-31-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-27-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-32-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-33-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-26-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-35-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-38-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-37-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-39-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-36-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-34-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-40-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-46-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-47-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-48-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-44-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-45-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-49-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-50-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-53-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-59-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-58-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-57-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-60-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-62-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-66-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-65-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-68-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-69-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-74-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-73-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-75-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-72-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-71-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-70-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-67-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-64-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-63-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-61-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-56-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-55-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-54-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-52-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-51-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-43-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-41-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-42-0x0000000000490000-0x00000000004FA000-memory.dmp

Filesize
424KB

Download
memory/5008-77-0x0000000076AD0000-0x0000000076BC0000-memory.dmp

Filesize
960KB

Download
memory/5008-78-0x00000000754C0000-0x0000000075A71000-memory.dmp

Filesize
5.7MB

Download