9e69067c752d6c29be74605863444cfad37c7b501ebe6f7b79cdf8caac91ec38

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

432de01c43ad7d338d1e8c0afd5b9fc6.exe
Size

110KB
MD5

432de01c43ad7d338d1e8c0afd5b9fc6
SHA1

fdb350efe94439b49eaa99bf7f742d8ce2e3a63d
SHA256

9e69067c752d6c29be74605863444cfad37c7b501ebe6f7b79cdf8caac91ec38
SHA512

0d8a8542c003585636826f0e32001a641efa823edbf4086a25ebbdc196f1d5c9f494920f6ee75835295f32590c4e4bce20cdceb71041aabd8976eaaa303d4238
SSDEEP

1536:AUAdaM1qL7ZpRlu7XqCvO1/WYBpR6kS/Vqy9DhAobOBUFQX1ntz:A9djM3u7Xq1BPy3hoUFkpt

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Control Panel\International\Geo\Nation	432de01c43ad7d338d1e8c0afd5b9fc6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 364 wrote to memory of 4384	364	432de01c43ad7d338d1e8c0afd5b9fc6.exe	93
PID 364 wrote to memory of 4384	364	432de01c43ad7d338d1e8c0afd5b9fc6.exe	93
PID 364 wrote to memory of 4384	364	432de01c43ad7d338d1e8c0afd5b9fc6.exe	93

C:\Users\Admin\AppData\Local\Temp\432de01c43ad7d338d1e8c0afd5b9fc6.exe
"C:\Users\Admin\AppData\Local\Temp\432de01c43ad7d338d1e8c0afd5b9fc6.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:364
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Hkz..bat" > nul 2> nul
  2⤵
  PID:4384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Hkz..bat

Filesize
210B

MD5
45bbe0daa1c2b75b43944a0774bc2801

SHA1
029474bb1864e327910cea462386e96264930fa5

SHA256
7e7cc85fa2c35ccae0323ba5f46cb2c40b708d611301f23c5b2b427a95d668cb

SHA512
f61c5502535a17ebb4ad07b0b890dda48c4f18c93aa4115f2438c02c74a2b2c00968a92bbe4b886ad84f493f0948b859b410283da1d91b4ad602a0f92480e32a

Download Submit
memory/364-0-0x0000000001000000-0x0000000001014000-memory.dmp

Filesize
80KB

Download
memory/364-1-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/364-3-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download