Analysis

  • max time kernel
    169s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 13:45

General

  • Target

    3887364d4e93ac0211c2644e8d93331e.exe

  • Size

    256KB

  • MD5

    3887364d4e93ac0211c2644e8d93331e

  • SHA1

    2c3b1f90fc1473bf6c01badc4a6c77c0c41f9340

  • SHA256

    c87f0fa6393d2784e27f8154ccb984a9642f38bd0d071900549c973dcd1b203f

  • SHA512

    30405fe94a1e67a18ccda6c3800c84e678514e2d2b8d639dd1fe053242d9cb3a5f7a72451862143eb93b7cfd7fb6d20a1723afe677e144236c36f965ce05b118

  • SSDEEP

    3072:E3ZVoeDPlp/nskpCUv5T79fzCC/M7BFsqMabeYiUDoZGi33ygoo:Sf7PlptNvl9fm0UBFsqMabeYiUDogAFJ

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3887364d4e93ac0211c2644e8d93331e.exe
    "C:\Users\Admin\AppData\Local\Temp\3887364d4e93ac0211c2644e8d93331e.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Users\Admin\jiceb.exe
      "C:\Users\Admin\jiceb.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2096

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\jiceb.exe

    Filesize

    256KB

    MD5

    7db108d68e31be5d40db235ea0b308b5

    SHA1

    167c06394b95c1b802fea186043d2fadc18b8ba9

    SHA256

    b22ef2dbe7c5ce1919f95bdc3e8be196378a1d3eb5d51b9fd5247b1440eedb6f

    SHA512

    2922129fa2059623a55c61609455c5e2b25d4b815dedb75995eeb50db2cb967223c51f2807757e0f249578d4472c214474bf52e2490f7a95d43f6cccc863c6e3