65953e93127ed6263783e2f28ef21f435da819c8be7219c2016445ab55bca1e0

Analysis

max time kernel
156s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 23:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3f4a84b971da2d96da930de5daf59965.exe
Size

68KB
MD5

3f4a84b971da2d96da930de5daf59965
SHA1

e6ec3547141bc160cc2e8ca84c5b5f87494bbdc8
SHA256

65953e93127ed6263783e2f28ef21f435da819c8be7219c2016445ab55bca1e0
SHA512

9235969cc9506efcbfc8e1620fc387193be838766ffad2307fa65e31772a3d7da3852b1716b2e4c457475d44ce4716bb8683ddbcf0263b4aac918318975b3159
SSDEEP

768:VezMfZ6K/l1oOR8k1ZPZFX/ZJlOrse6w:VUwLlmOXZbXxzR

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation	3f4a84b971da2d96da930de5daf59965.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\3f4a84b971da2d96da930de5daf59965.exe
"C:\Users\Admin\AppData\Local\Temp\3f4a84b971da2d96da930de5daf59965.exe"
1⤵
- Checks computer location settings
PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PG47MANB\showthread[2].htm

Filesize
22KB

MD5
7136bcb230176c5e07afe38dd246ebcf

SHA1
99ed82b6ccb492b0142b364ce6a4fd11f0130341

SHA256
8da5e97f3138bd7d090dd8321206ad0900745463253dd7b6cfbb70651dccfeaa

SHA512
22ae2985ac5b5affcc27bc25d6dab017aef34022289ccea46777fc2767c6bc0b86f94499aaeab71bd3e39ea22d2318742df3d274f002da573fca9452c81ed534

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc182.exe

Filesize
22KB

MD5
b4bd355dd186541b2edcfeecc09130a1

SHA1
3a45b76436af4a1a016771f52f045e4fa10ff820

SHA256
8db64a00608f569127ae89e89e0e89238e88a8ddd44f9c5d6c3da84852ba96ec

SHA512
310004abdb7f865e5d8a3900a8aedc2bdfc3f08807a7d2719d65e30b2036fe0db15a26363869e9991b5934ed786273cc77819c21a1522b43a4a0027bfdf13e9c

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc182.exe

Filesize
22KB

MD5
b855b7fb41e2eae6238c3d764607dfec

SHA1
5dd75ca2e574e6d2068f5db0f6c43e5f4f56bf74

SHA256
3ddfe22ce9bf45fe3f263218f3adea96fbaab8ceb0177467b1f7b40cfd42044f

SHA512
5c1fab6df46a749885688985a98668ca624539652c953b3367d2ccd2e53312051240af0805a053d04377a1d5aacb1798f005b202513452cb815e43422284643b

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc182.exe

Filesize
22KB

MD5
fea3baea733970974bca349d63fac8e0

SHA1
ad11914d80496722ec595d3946eb1e2fe5370c92

SHA256
86420626e1b2ab2b27632e6929f6d06a767c6e0c50cbcb431f263664f22ca9cd

SHA512
e932655ad5c9b61d861b8c0e30d1b39eca2e67c887e1a6431549937094687df45e2f4460528801514bce4f56605d5e88ac135c56e301d02ee55a0ea854063907

Download Submit
memory/1240-0-0x0000000000460000-0x0000000000475000-memory.dmp

Filesize
84KB

Download
memory/1240-1-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1240-2-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1240-43-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1240-132-0x0000000000460000-0x0000000000475000-memory.dmp

Filesize
84KB

Download