7b35b77b3a955e72ffb5beadec92e06345aa719661cd2e3fe9ab283594fd5951

Resubmissions

29-11-2024 09:09

241129-k4hhvsxjh1 10

31-12-2023 13:32

231231-qs5rxaceer 7

Analysis

max time kernel
0s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81351025614fa49877fe720b29232748.exe
Size

1.0MB
MD5

81351025614fa49877fe720b29232748
SHA1

562d461be71f9a6174b4aa4ea6b7ea11cc7882b4
SHA256

7b35b77b3a955e72ffb5beadec92e06345aa719661cd2e3fe9ab283594fd5951
SHA512

8e4e42352ff3e07db7cfdd7b80ed428b3cbd649d756f6e6565d5bcb6a3c2d2f0b5b72280e0c6800463cb4d7b1789362b497ff5307d0af254cdba0e9ec47cad75
SSDEEP

12288:GMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9BL+AUbA1w/6xZZUD0X4k+:GnsJ39LyjbJkQFMhmC+6GD9ReSfZUAX8

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation	81351025614fa49877fe720b29232748.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Script User-Agent 3 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	9	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	11	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	93	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

C:\Users\Admin\AppData\Local\Temp\81351025614fa49877fe720b29232748.exe
"C:\Users\Admin\AppData\Local\Temp\81351025614fa49877fe720b29232748.exe"
1⤵
- Checks computer location settings
PID:4520
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  PID:400
- - C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
    3⤵
    PID:4088
- C:\Users\Admin\AppData\Local\Temp\._cache_81351025614fa49877fe720b29232748.exe
  "C:\Users\Admin\AppData\Local\Temp\._cache_81351025614fa49877fe720b29232748.exe"
  2⤵
  PID:3884
- - C:\Users\Public\pro.exe
    "C:\Users\Public\pro.exe"
    3⤵
    PID:3352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Synaptics\Synaptics.exe

Filesize
14KB

MD5
16508dee9c7b65d2f9666e2155961edf

SHA1
5d74d96358fa61f1069bcc9ed223ecc728b18578

SHA256
a16c9695cd0890849da7ddf1613abf28bac00370dfad11822fde60edd3722ee2

SHA512
94f838f8e3c4d391cdcee850731781cf7d4b4089718cdc179242fc8b66d343398687f57df6f175b7b030e5f0dadc782cc3b3bc7e31363737e864054ecaeb45dd

Download Submit
C:\ProgramData\Synaptics\Synaptics.exe

Filesize
9KB

MD5
f1a954e02ecf1916eaad514a6a3646dd

SHA1
26412098d3a452cf92d102d6557b36c89cfbcd5f

SHA256
9efa8e1df4f8f9b26741d0857b617af58f7fd48767ff127af1e8f8d9deb0d982

SHA512
bc34bf2f34222912df0cc5e6aa873893477b98d63641b7e4c8e46e444080f8a3f14df017c5ffa91f8aa84ab9aa9b0476c59031dfeda8da6ea7855fceefc7b4cb

Download Submit
C:\ProgramData\Synaptics\Synaptics.exe

Filesize
1KB

MD5
ceff7148fcdf97ededd814ab770bac7a

SHA1
4ddce409c6e34ee24648cd240c54f31ff5578cb4

SHA256
b166baaba60072a40f88c9e44ae566a9871991a9d8f4d8478aac68d59119ee07

SHA512
e3ed0037b1076efd26e28430264239bcadbd894c605d2f0a580d011d22ae323058523a1303e04ed6d5828eb22b9d24339e055f9fd6c9798d99dfc56be0de1704

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_81351025614fa49877fe720b29232748.exe

Filesize
1KB

MD5
f506c681df25f5e6f244c9232134bc6e

SHA1
ececdddce1b9275504654e8c9ad11cf0cf209fdd

SHA256
7c2472d2778ea2e0de1a0506d390e63575ee34c308dbc619ec66175f7eab2849

SHA512
8639614014632edb5746be40f42b68a5113073112853cf1b4265519526d179c67d8da8058fa3dfd9b0a0453b2dfa84c9728b82bff05dc7f1e9bd0252c240401b

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_81351025614fa49877fe720b29232748.exe

Filesize
9KB

MD5
a551e0c0cebf71b88798af9d0511c813

SHA1
e2872235b5687f9c302d88fa1b0a618bcbdf2cb5

SHA256
d7fe8b011d9db9da253f03e6b2fd0457c7f0b6934f2a306d4f590b36e4d5b91c

SHA512
04d7b467a848b7dcd755750d1342d2ea6facc3efcd4b80b24dee6c3d784154942b06c8554e7cddf4daf3da0bf41f917498198ab04ce4190bcce1155b81e358e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_81351025614fa49877fe720b29232748.exe

Filesize
34KB

MD5
5c07bd0af7d87dc591fd3457f49b1de0

SHA1
8b3aab6be4e92b9dd8dd3a38d657e89f4fffd4bc

SHA256
69e6126b6051f0fc10ca7c378678a26425afb62afdb0b726cc5667c1d6191367

SHA512
0fc926cfce1119c80519248f18106fa5725c94a5a34a394d65124f91c1699671599611816a2f2e97e2317416cdb4ff28d84910cbac744a06897d1437cb282466

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe

Filesize
11KB

MD5
faf4b21c65ed6e2eb51cfc7a2c0735b8

SHA1
6561dfe11de262a3cdee3b3e105531e2b6530bcd

SHA256
9ee93e725b47d1566ebbfd555839c4759befc5a9e5ff928869aeb6becbe310c9

SHA512
a86ed6dd371ef0fa5df229731dad1e4c0c943ef04e1d2269213c412d391a299a22a325f846db25fe26e7eff7d17b4786e9709e50018c0a181c8c55caaf89f2f1

Download Submit
C:\Users\Public\pro.exe

Filesize
81KB

MD5
b4e1b06a76f6e5e575eee248fb321cba

SHA1
536fddc0fbaaada8557ca22bafbf7b046e281760

SHA256
6884372047604d0e11181271c4db80a62cf8b4cf79d0b8775b98e82e54b4695b

SHA512
843a0657c223ff59267b60e7e0876576bcaa0d89b55e24a12f6cf32306d5a50766d4852a3a8ab49814b96520d816ca2294e8b55d82b2206423981d51cfb4354c

Download Submit
C:\Users\Public\pro.exe

Filesize
24KB

MD5
c644860366c92353f3d4849e4f220f30

SHA1
83b5ed5026a169a84c34cdf7a0ee0fde0b7e540f

SHA256
b5c252875ed04815b673592976ba06655cdc3b08257c6d2eb4023bf3758ef90d

SHA512
7841a793fc26ba445f85a1f54274194beff456fe248f28a5b3b316756618de01e866ef533772d2b2b87edc3a89ee23f04a498d51f9724a5565a23baf6fa05603

Download Submit
memory/400-129-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/400-190-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/400-192-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/400-197-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/400-213-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/3884-216-0x0000000003B90000-0x0000000003D1F000-memory.dmp

Filesize
1.6MB

Download
memory/3884-226-0x0000000010034000-0x0000000010192000-memory.dmp

Filesize
1.4MB

Download
memory/3884-215-0x0000000010000000-0x0000000010192000-memory.dmp

Filesize
1.6MB

Download
memory/4520-128-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/4520-0-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download