Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31-12-2023 03:28

General

  • Target

    26607182708f0d40b90568727e4def26.exe

  • Size

    240KB

  • MD5

    26607182708f0d40b90568727e4def26

  • SHA1

    2f28d204ed97eb11aef2ca6bf6413892f26f6d49

  • SHA256

    19c149d633702c96a7154c2d175c5af4b0934d87c43aeb6fde15159979e75589

  • SHA512

    1e0340bba627aee9ddd2004c692908290b4b98b6069d28426c4919cc667611d8b267a97787e7bab00c895d46fb55b4325eb628d55191b1788fd4ed5dcf335319

  • SSDEEP

    6144:ZU343dwqsNwemAB0EqxF6snji81RUinKchhyNSQ:IidQQJs0

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26607182708f0d40b90568727e4def26.exe
    "C:\Users\Admin\AppData\Local\Temp\26607182708f0d40b90568727e4def26.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2984
    • C:\Users\Admin\vaaoka.exe
      "C:\Users\Admin\vaaoka.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2520

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\vaaoka.exe

    Filesize

    240KB

    MD5

    4b2c37e4693e9e67a35ed3f383f67046

    SHA1

    5a613a564dfc3b1d4b36a10367175070f11e9977

    SHA256

    aa697b15805747b5c247bca219535015ae1acaf8b32d3349d70b93be5f337685

    SHA512

    e89b01d4d123902e8720e7dad0178192829b896adfa1f3935e561e1b4d2db3af6c4fdadfbdef583e2ad491795279a4d445aef18d5492f0ae00aebc47ced2e064