Analysis
-
max time kernel
93s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
28/01/2024, 15:13
General
-
Target
7d4e211b765f2bfb2448adde3ae4ee73.exe
-
Size
242KB
-
MD5
7d4e211b765f2bfb2448adde3ae4ee73
-
SHA1
4b760746721049c99d78847912a44f19bb14f03e
-
SHA256
f6155c46c72a298d24981504934dd96202b2379b2d05fce81043254bab07b2d6
-
SHA512
9132d0d90110a73544f6d7c2e5294318c947e3989b5b3175910512bfe0755017c7d1a8341ab79180565a4f8f1ab54191b4ed5f9952c9693dbaef97ea7d49ee78
-
SSDEEP
3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8rkgnYHfQlAo:o68i3odBiTl2+TCU/Bk8KfQlE3k
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 12 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7d4e211b765f2bfb2448adde3ae4ee73.exe"C:\Users\Admin\AppData\Local\Temp\7d4e211b765f2bfb2448adde3ae4ee73.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat2⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
76B
MD5df99c52bd91eb403f3b62035c264ffeb
SHA1f7c4afe3731ba9996df66533740828509c5b2046
SHA256e47da6163e68ee6f1b21c206e61fd2c88f13ed96d31d4239127a1dd8d4300196
SHA5126aa905a8dea4e572ae158f475fce58fa7b2289eb5e8da52a738e0ae2049ac8ede24721ec6a117f52f28244c0bffdcde8af3a7b9933dea46f8fbb1361c376f4c5
-
Filesize
180KB