51f87065c95be62d9d0ae0ef15269d1bb370ef8c432bd6a78504261ad2dd5353

Analysis

max time kernel
183s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 03:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2615f2ce161339b835e96b958359789c.exe
Size

1.2MB
MD5

2615f2ce161339b835e96b958359789c
SHA1

3df5305428b38257346a6bcb4da6244740f23c23
SHA256

51f87065c95be62d9d0ae0ef15269d1bb370ef8c432bd6a78504261ad2dd5353
SHA512

d705da7d13842ec7a682964016109a76aa5739785889551c0d5023ed26bf08ed9a31f056984105f311a51a055640767e3d8c2d1b547ef277d9c1daa563e50253
SSDEEP

24576:JMo0iUojpwQIRHW/nS7s8GjBuLkraBNQmGfmjHbjQVy/KvraB:JM4PlIR2/S7pfQtfYHPQ

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation	2615f2ce161339b835e96b958359789c.exe

Executes dropped EXE 1 IoCs

pid	Process
4348	Project1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4348	Project1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 4348	5000	2615f2ce161339b835e96b958359789c.exe	92
PID 5000 wrote to memory of 4348	5000	2615f2ce161339b835e96b958359789c.exe	92
PID 5000 wrote to memory of 4348	5000	2615f2ce161339b835e96b958359789c.exe	92

C:\Users\Admin\AppData\Local\Temp\2615f2ce161339b835e96b958359789c.exe
"C:\Users\Admin\AppData\Local\Temp\2615f2ce161339b835e96b958359789c.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Users\Admin\AppData\Local\Temp\~sfx002F84FF58\Project1.exe
  "C:\Users\Admin\AppData\Local\Temp\~sfx002F84FF58\Project1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~sfx002F84FF58\Project1.exe

Filesize
80KB

MD5
05a2373de1f17d4a6c8ff5a81a23b29a

SHA1
089bdc734a5b763002284070df323c638ad4d723

SHA256
1d89f559a818d0e9f108c6eea8d60162dbe9dfdd7915d753099718068382dc53

SHA512
e98cbd89d3767ce8052a4478e8a1148e447b12d5a2f720cc1b691d2ac4ae58f30817e7dc24be251b8434b749b3cfb54b7057f6d8b5dbbcf50879d4e494b25220

Download Submit
C:\Users\Admin\AppData\Local\Temp\~sfx002F84FF58\Project1.exe

Filesize
96KB

MD5
ff478e58abc7476eaf91e54e7974ba05

SHA1
967a6c71ea4df158785356dd8cd259387be5d9a2

SHA256
ee4bc3b3ce2bd0c73a8865537f8ac8cb4be7e20e615e19b990815de534e26dac

SHA512
cdd87edee7bb0995578fab690305a635ad284470715f3e9e84cda0ca073e62548d257e7921a89e993363ace56aee30a308ab8772b7e099369efdd9416f2c4ee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\~sfx002F84FF58\Project1.exe

Filesize
24KB

MD5
f85ab05b9c5d2560dca6869d02e8a48b

SHA1
5705c0b0b7d29bf4652d823a6270e4adce3f0406

SHA256
7a4e315d93125ac294f07a417868dbfa304cd7da2615b5ab1701f96f95689883

SHA512
4d2b70b9e3433f2e35068be0732d059f8b6a28960d23bb96a7efa392fdc50eaa5e5764dd0d1acfd6e78328e9969f87ded09f21bf294a757be09bb6833c49f69c

Download Submit
memory/5000-18-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download