Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
11/01/2024, 20:21
General
-
Target
547cff66f096f5e820d99719ab060740.exe
-
Size
26KB
-
MD5
547cff66f096f5e820d99719ab060740
-
SHA1
84f34cf97139085d9e55b868c28223bd8de72cf4
-
SHA256
39deec5d0ed26a28e277dead5387d66eff20c5895fa3f67f12bf6d95c13fab93
-
SHA512
74aef5bfd107181c2640ba9b9f1c28b669a4509af8bc2b27bb323a2ef07b5ff7f893b821e323e244132fa8cf170d07c60bf2bcc1639270ae83d3181d9a2bd28a
-
SSDEEP
384:wLIkUXMspJe7LWDjtw4pvTpquJ3FJ597ycccQxulIrWJlDXOhtksTOMTQAQAyW07:uIkUXZKytqu3797yccc0uG2gBkMyW07
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\547cff66f096f5e820d99719ab060740.exe"C:\Users\Admin\AppData\Local\Temp\547cff66f096f5e820d99719ab060740.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\File Name.exe"C:\Users\Admin\AppData\Roaming\File Name.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
9.6MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
4.8MB
-
Filesize
64KB
-
Filesize
664KB
-
Filesize
32KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
9.6MB
-
Filesize
64KB
-
Filesize
624KB
-
Filesize
64KB