Analysis

  • max time kernel: 149s
  • max time network: 145s
  • platform: windows10-2004_x64
  • resource: win10v2004-20231215-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 29/01/2024, 16:14

General

  • Target: 80480df20528a22dee4ff724e155e4f0.exe
  • Size: 706KB
  • MD5: 80480df20528a22dee4ff724e155e4f0
  • SHA1: f8d53c2693c7b0a7ec57804cfe73d518d5f858c9
  • SHA256: 7c0c2c2ac8bb363c372b015c46e2bc8e57b895b0e61a7728622c0134f476cff0
  • SHA512: 1a9c711da9cdf2ac26fccce16828dbf91f4c4d664c25547a462b800df005abd97f613f8950e562ce0d9ae6600773782ce69a26e10070971bfe7ce3bfbf48f82f
  • SSDEEP: 12288:gp/iN/mlVdtvrYeyZJf7kPK+iqBZn+D73iKHeGsptI7FNtWS0Oam:gpQ/6trYlvYPK+lqD73TeGsptIpDWPm

Score
7/10

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)
    Looks up the country code configured in the registry; likely a geofence check.
  • Executes dropped EXE (2 IoCs)
  • Drops file in Windows directory (7 IoCs)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies Control Panel (2 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\80480df20528a22dee4ff724e155e4f0.exe (depth 1, PID 2784)
    "C:\Users\Admin\AppData\Local\Temp\80480df20528a22dee4ff724e155e4f0.exe"
    • Checks computer location settings
    • Drops file in Windows directory
    • Modifies Control Panel
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Windows\ScrBlaze.scr (depth 2, PID 4688)
      "C:\Windows\ScrBlaze.scr" /S
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
  • C:\Windows\ScrBlaze.scr (depth 1, PID 4488; top-level, no parent shown in the report)
    C:\Windows\ScrBlaze.scr /s
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
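
The process tree above (a sample in %TEMP% that writes a byte-identical copy of itself to C:\Windows\ScrBlaze.scr and starts it with the screensaver /S switch, plus a second top-level launch of the same .scr) and the hashes in this report are the material a responder would turn into hunt logic. The script below is an added example by the editor, not part of the sandbox report or of the sample. It runs hash and behavioural checks over Sysmon-style process-create (EventID 1), file-create (EventID 11) and registry-set (EventID 13) records. The EVENTS list is constructed to mirror the report's tree; the parent of the first process and the `Control Panel\Desktop\SCRNSAVE.EXE` registry value are assumptions, since the report names neither (it only says "Modifies Control Panel").

```python
"""Hunt for the behaviour in this report over Sysmon-style events.

Added example, not from the sandbox report or the sample. EVENTS are
CONSTRUCTED; the explorer.exe parent and the SCRNSAVE.EXE value are ASSUMED.
"""
import re
from typing import Dict, List, Optional

# --- Indicators copied from the report -------------------------------------
IOC_SHA256 = {
    # submitted sample; byte-identical to the dropped C:\Windows\ScrBlaze.scr
    "7c0c2c2ac8bb363c372b015c46e2bc8e57b895b0e61a7728622c0134f476cff0":
        "80480df20528a22dee4ff724e155e4f0.exe / C:\\Windows\\ScrBlaze.scr",
    # 970-byte file written next to it
    "77679405357e72e5496352774e32b5454396495cc473bc04b0e96f585e18efdf":
        "C:\\Windows\\s18273659",
}

# --- Behavioural rules derived from the process tree -----------------------
# A .scr directly under C:\Windows started with /S (screensaver start).
# Built-in screensavers live in C:\Windows\System32, so the location alone is
# unusual; a parent in %TEMP% raises it to high confidence.
SCR_IN_WINDIR = re.compile(r'^"?c:\\windows\\[^\\]+\.scr"?\s+/s\s*$', re.I)
FILE_IN_WINDIR = re.compile(r'^c:\\windows\\[^\\]+$', re.I)
TEMP_DIR = re.compile(r'\\appdata\\local\\temp\\', re.I)
# ASSUMED meaning of "Modifies Control Panel": the per-user screensaver path.
SCRNSAVE_VALUE = re.compile(r'\\control panel\\desktop\\scrnsave\.exe$', re.I)


def check_hash(sha256: str) -> Optional[str]:
    """Map a SHA256 to the report artefact it belongs to, or None."""
    return IOC_SHA256.get(sha256.lower())


def flag_event(ev: Dict) -> List[str]:
    """Findings for one event; an empty list means nothing matched."""
    findings = []
    pid = ev["ProcessId"]
    if ev["EventID"] == 1:  # process creation
        hit = check_hash(ev.get("SHA256", ""))
        if hit:
            findings.append(f"pid {pid}: image hash is a report IOC ({hit})")
        if SCR_IN_WINDIR.match(ev["CommandLine"]):
            parent = ev.get("ParentImage") or "unknown"
            sev = "high" if TEMP_DIR.search(parent) else "medium"
            findings.append(f"pid {pid}: .scr in C:\\Windows started with /S, parent {parent} ({sev})")
    elif ev["EventID"] == 11:  # file creation
        if FILE_IN_WINDIR.match(ev["TargetFilename"]) and TEMP_DIR.search(ev["Image"]):
            findings.append(f"pid {pid}: process from %TEMP% wrote {ev['TargetFilename']}")
    elif ev["EventID"] == 13:  # registry value set
        if SCRNSAVE_VALUE.search(ev["TargetObject"]):
            findings.append(f"pid {pid}: SCRNSAVE.EXE set to {ev['Details']} (screensaver persistence)")
    return findings


def hunt(events: List[Dict]) -> List[str]:
    """Run flag_event over a whole event stream."""
    return [f for ev in events for f in flag_event(ev)]


# --- Constructed events mirroring the report's process tree ---------------
SAMPLE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\80480df20528a22dee4ff724e155e4f0.exe"
SCR = "C:\\Windows\\ScrBlaze.scr"
H = "7c0c2c2ac8bb363c372b015c46e2bc8e57b895b0e61a7728622c0134f476cff0"
EVENTS = [
    {"EventID": 1, "ProcessId": 2784, "Image": SAMPLE, "CommandLine": f'"{SAMPLE}"',
     "ParentImage": "C:\\Windows\\explorer.exe", "SHA256": H},          # parent ASSUMED
    {"EventID": 11, "ProcessId": 2784, "Image": SAMPLE, "TargetFilename": SCR},
    {"EventID": 11, "ProcessId": 2784, "Image": SAMPLE, "TargetFilename": "C:\\Windows\\s18273659"},
    {"EventID": 13, "ProcessId": 2784, "Image": SAMPLE,                   # key ASSUMED
     "TargetObject": "HKU\\S-1-5-21-1000\\Control Panel\\Desktop\\SCRNSAVE.EXE", "Details": SCR},
    {"EventID": 1, "ProcessId": 4688, "Image": SCR, "CommandLine": f'"{SCR}" /S',
     "ParentImage": SAMPLE, "SHA256": H},
    {"EventID": 1, "ProcessId": 4488, "Image": SCR, "CommandLine": f"{SCR} /s",
     "ParentImage": "", "SHA256": H},                                    # parent not in report
    # benign control: a built-in screensaver started the normal way
    {"EventID": 1, "ProcessId": 5120, "Image": "C:\\Windows\\System32\\Bubbles.scr",
     "CommandLine": "C:\\Windows\\System32\\Bubbles.scr /s",
     "ParentImage": "C:\\Windows\\System32\\winlogon.exe", "SHA256": "0" * 64},
]

if __name__ == "__main__":
    for finding in hunt(EVENTS):
        print(finding)
```

Two caveats for anyone adapting this. The hash match is the weakest rule here: a rebuilt sample changes every hash while the .scr-in-C:\Windows-with-/S pattern and the SCRNSAVE.EXE write survive, so those are the rules worth keeping. And the "Checks computer location settings" signature is a registry read; Sysmon records registry writes (EventID 12/13/14) but not reads, so the geofence lookup only shows up in the sandbox's API trace, not in this kind of endpoint telemetry.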

Downloads

  • C:\Windows\ScrBlaze.scr (706KB; every hash matches the submitted sample, i.e. the binary copies itself unchanged into the Windows directory)
    MD5: 80480df20528a22dee4ff724e155e4f0
    SHA1: f8d53c2693c7b0a7ec57804cfe73d518d5f858c9
    SHA256: 7c0c2c2ac8bb363c372b015c46e2bc8e57b895b0e61a7728622c0134f476cff0
    SHA512: 1a9c711da9cdf2ac26fccce16828dbf91f4c4d664c25547a462b800df005abd97f613f8950e562ce0d9ae6600773782ce69a26e10070971bfe7ce3bfbf48f82f
  • C:\Windows\s18273659 (970B)
    MD5: 015ffbb5d3b58c63460e0d9d3c8f9589
    SHA1: 4da9636f25a49740beb4e2f424fc45d7cc5947d0
    SHA256: 77679405357e72e5496352774e32b5454396495cc473bc04b0e96f585e18efdf
    SHA512: 43af397a386b344424bd51cd53e3e5dd36b753ff589d35f1b6c7a1dfaafc7e9a27cc3f6e38b36dad98f0a367ad53a0e22364ef5abee47049d4ccb38d58f56028
  • memory/2784-0-0x0000000002450000-0x0000000002451000-memory.dmp (4KB)
  • memory/2784-30-0x0000000000400000-0x00000000004B7000-memory.dmp (732KB)
  • memory/2784-33-0x0000000002450000-0x0000000002451000-memory.dmp (4KB)
  • memory/4488-57-0x0000000002220000-0x0000000002221000-memory.dmp (4KB)
  • memory/4488-71-0x0000000000400000-0x00000000004B7000-memory.dmp (732KB)
  • memory/4688-18-0x0000000002010000-0x0000000002011000-memory.dmp (4KB)
  • memory/4688-31-0x0000000000400000-0x00000000004B7000-memory.dmp (732KB)
  • memory/4688-36-0x0000000002010000-0x0000000002011000-memory.dmp (4KB)