9098af90fe88f5232628820106f8e857b002e1d11671ce15719654a910781b99

Analysis

max time kernel
133s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 02:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8e0547f01482645878a433b3375f1a51.exe
Size

61KB
MD5

8e0547f01482645878a433b3375f1a51
SHA1

edf509316a58f3975c5cff4ca35d67a180cbb910
SHA256

9098af90fe88f5232628820106f8e857b002e1d11671ce15719654a910781b99
SHA512

4e923f6233ef27efff75206550d860ed8fdeccead1ff66dca0629c1b964def0ef7be4580e523c2f28938bc89ca98af442afeb4b66ae6ae38921f174e71683f9b
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjyaLccVCbmhGz:V6a+pOtEvwDpjvs

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation	8e0547f01482645878a433b3375f1a51.exe

Executes dropped EXE 1 IoCs

pid	Process
752	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 752	808	8e0547f01482645878a433b3375f1a51.exe	85
PID 808 wrote to memory of 752	808	8e0547f01482645878a433b3375f1a51.exe	85
PID 808 wrote to memory of 752	808	8e0547f01482645878a433b3375f1a51.exe	85

C:\Users\Admin\AppData\Local\Temp\8e0547f01482645878a433b3375f1a51.exe
"C:\Users\Admin\AppData\Local\Temp\8e0547f01482645878a433b3375f1a51.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:808
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
61KB

MD5
5e9f43d83238ab9bddf86aa782732713

SHA1
eae802d31ca8660cdd7a158f72c8babc461616c8

SHA256
25418589b4b94b99c481145f3c9f176f9f08be86331f703fecc736adf5f6b0c0

SHA512
acc0a65704d2997fc38c61c2ee38eab50d9e705d99fd16589a684fcff52927de65278f4d92b0639e2882af7f8f3cd0fc83f7721322be8187dfaa2d7f4e2ff7af

Download Submit
memory/752-17-0x0000000000660000-0x0000000000666000-memory.dmp

Filesize
24KB

Download
memory/752-20-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/808-0-0x0000000000670000-0x0000000000676000-memory.dmp

Filesize
24KB

Download
memory/808-1-0x0000000000670000-0x0000000000676000-memory.dmp

Filesize
24KB

Download
memory/808-2-0x0000000000760000-0x0000000000766000-memory.dmp

Filesize
24KB

Download