e03b2c5eaa74d06115b8355fa235e0560efe3565449006d0892bced442d40001

Analysis

max time kernel
0s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37d20c6251eb2841b8f786118163068b.exe
Size

655KB
MD5

37d20c6251eb2841b8f786118163068b
SHA1

0ddcde28c97b691ead8c7a4fc663daef21af1768
SHA256

e03b2c5eaa74d06115b8355fa235e0560efe3565449006d0892bced442d40001
SHA512

bb94c06ec3b0de25bb93ef9c9ed8d2d28f7e2e3550810b81bf2d903c7001e0afd1f92a4af2a0b717f059ba36a2c1d1ad47a62fe29a88c05f36022a0b9b8f8a53
SSDEEP

12288:IojBt6WnTwGPKZqk47F6NRYUOoFv128d/nLETwFbs9sCaNlTMfSsrL+IvRS:tjBt66TwGPoqkHkiggb8sCaN9MxL+IvY

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation	37d20c6251eb2841b8f786118163068b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\37d20c6251eb2841b8f786118163068b.exe
"C:\Users\Admin\AppData\Local\Temp\37d20c6251eb2841b8f786118163068b.exe"
1⤵
- Checks computer location settings
PID:1452
- C:\Users\Admin\AppData\Local\Temp\rnsetup0.exe
  "C:\Users\Admin\AppData\Local\Temp\rnsetup0.exe"
  2⤵
  PID:508
- - C:\Users\Admin\AppData\Local\Temp\rnupdate0.exe
    C:\Users\Admin\AppData\Local\Temp\rnupdate0.exe /StubSelfUpdate R61PTMP5
    3⤵
    PID:5116

C:\Users\Admin\AppData\Local\Temp\rnsetup1.exe
"C:\Users\Admin\AppData\Local\Temp\rnsetup1.exe" /orgexename="rnupdate0.exe" /StubSelfUpdate R61PTMP5
1⤵
PID:4912
- C:\Users\Admin\AppData\Local\Temp\rninst~0\ui_data\inst_config\rndlp.exe
  "C:\Users\Admin\AppData\Local\Temp\rninst~0\ui_data\inst_config\rndlp.exe" /risehelper
  2⤵
  PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2

Filesize
471B

MD5
b3966fd25c26b2065491ea1e87461d93

SHA1
530c8391c94a39d6395ba9051c2739d6f8aaabe2

SHA256
63211b16cec515f29bc946258d4154bb7dac18955c5fab0d8b0858fe57702196

SHA512
5829d8f72d0b8ad173d2e0074739e99ba5578c927450df7553ad9ee6ccbf9e0d28a65f82dc9a60952a0c37eb8ea5ec50b7a9cb8be30fe14a961b458a7bf70165

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2

Filesize
416B

MD5
02f068257c2eb9b4737ca3ece80bd942

SHA1
0d8a1734f21f39357a3b087316d2ca65aa5f4fdb

SHA256
df324cd9ded8d38a8c306bf03c97a18f1c36e3d0f9e45f0ffcf000e97cd5bc0b

SHA512
28026f0b072702a248f8558f861d5cd186e5bf2e15cb1994cf8d6e3d19db7b59d8f8eb41d21bca165881b9f2f4e895e4239d717c9f9664a43df06469040abd7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\rninst~0\ui_data\pages\chr_reoffer\chr_chrome.png

Filesize
49KB

MD5
42d565063acdf0ec351729185f599ab6

SHA1
27d410b05389ec0f7ded4ca1ce5afd344fc4919f

SHA256
965b874bc3a10087094f0341f8f0d7a654d809ce470911c974b8fe3264dabd0a

SHA512
7b4b122bfea51c1186e03b750dd4de6e4a0bf55d157cf07e3581b9566b9f968f62b5cf3034cb2e1490046e7362408368ddc0cd0e370bd41da4a3093008bb7096

Download Submit
C:\Users\Admin\AppData\Local\Temp\rninst~0\ui_data\pages\chr_reoffer\chr_logo.gif

Filesize
2KB

MD5
5986f07a6d987dae1c79d43dbc110384

SHA1
f3982a3f5ad1bd0ecd0957b7847742302923f093

SHA256
f7ab3dbb0e80ac88e4c96bfd837fa7e712198220d9263c220ff8b420e32dd3e7

SHA512
4fd98775bec231b0cafa48961358b53c847ab23e85107cb4b940eb5c32e75f8370a3bd4dcd2cd4109d13b1485ed2235fdb81f9ba58733f47fe3b83136ba5258b

Download Submit
C:\Users\Admin\AppData\Local\Temp\rninst~0\ui_data\skin\button_ov.png

Filesize
230B

MD5
9ca77e8957addf3e829ac862b9939293

SHA1
425cb2cdce479932c20fdaea9a36b05e096531d1

SHA256
dcb2adf9d6b4029b81e99607fa6f407a16e4c6f21a0a2fd8f4f591b89d438bcd

SHA512
b2edacf883db923bceff02c1b93396ce752e451813af39c9863dd40e25b8387c45ee9b3a9163d79e3d4eb949c6155d8d1f84d3f9813efdd54935e488ae799631

Download Submit
memory/2216-809-0x0000000002AC0000-0x0000000002AD0000-memory.dmp

Filesize
64KB

Download
memory/2216-813-0x00000000052A0000-0x0000000005332000-memory.dmp

Filesize
584KB

Download
memory/2216-812-0x0000000005770000-0x0000000005D14000-memory.dmp

Filesize
5.6MB

Download
memory/2216-811-0x0000000071FC0000-0x0000000072770000-memory.dmp

Filesize
7.7MB

Download
memory/2216-810-0x0000000072860000-0x0000000072870000-memory.dmp

Filesize
64KB

Download
memory/2216-806-0x0000000002CD0000-0x0000000002CE0000-memory.dmp

Filesize
64KB

Download
memory/2216-816-0x0000000006920000-0x0000000006986000-memory.dmp

Filesize
408KB

Download
memory/2216-815-0x0000000006880000-0x000000000691C000-memory.dmp

Filesize
624KB

Download
memory/2216-814-0x0000000005440000-0x0000000005484000-memory.dmp

Filesize
272KB

Download
memory/2216-817-0x0000000006EC0000-0x00000000073EC000-memory.dmp

Filesize
5.2MB

Download
memory/2216-866-0x0000000002CD0000-0x0000000002CE0000-memory.dmp

Filesize
64KB

Download
memory/2216-867-0x0000000071FC0000-0x0000000072770000-memory.dmp

Filesize
7.7MB

Download