Analysis
-
max time kernel
168s -
max time network
190s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
05-01-2024 12:51
General
-
Target
43ba79a919a8033f7e8edf5d3fb9b952.exe
-
Size
472KB
-
MD5
43ba79a919a8033f7e8edf5d3fb9b952
-
SHA1
03c1fc41195b133903f88212c7bbbf361c24e953
-
SHA256
ad93d0b33d113936122bfdb3cf7ad5faf1162295885718a01cded407ac7a82db
-
SHA512
e5de06da444ab62a9212ffdaf316500acb639b8528e6e24704b4c72726010269c48af4cac472e52fc9f2cad7d16b2b016cba6753dea02610d8d440c0d24c5af4
-
SSDEEP
12288:TNodBiTI+TpDA6EZO7KUQRZ66z24VZbdrpgrXN2LWzmidN:ZoPD+TpD3vKU6Z66z24VZbFpgJ2LWzm+
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 12 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\43ba79a919a8033f7e8edf5d3fb9b952.exe"C:\Users\Admin\AppData\Local\Temp\43ba79a919a8033f7e8edf5d3fb9b952.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat2⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
76B
MD599c4d67fab434afa4b8a3eca4295fd12
SHA1ed4bd5f3a355c36cde8f42ca5fa678d0eb44fb6d
SHA256814c520aac8b4f24c809b1f921ec07dd43aa73ce19c5de858d065fb0b1bb0142
SHA5120f624a88eaa0a8cc5677349d9e3e63bd429f724cfa1b7991c89ee03f8477016a28d4519373b660c9123c867692a62de20e451431e774970c924d8ffd0016aa36
-
Filesize
180KB