Analysis
-
max time kernel
92s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
01-02-2024 07:05
General
-
Target
863fb63c46c2124e5f6a67fdd09badd3.exe
-
Size
187KB
-
MD5
863fb63c46c2124e5f6a67fdd09badd3
-
SHA1
16f9a7187e1afeef09136d7902b69972c80f8ea0
-
SHA256
f9215430ff0a9e3a5a6d082e8952c12c70d15b2478ce58153e60d4d977adb1ef
-
SHA512
e67339186ed34b7e04ea7bde6412fee29d122c6beb81aa9ce79bb582f39020c9f55b7a65e275c1da17dbd0fbc579d5360a60f075ec5ff252b5972579a027ce23
-
SSDEEP
3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8yX:o68i3odBiTl2+TCU/UX
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 12 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\863fb63c46c2124e5f6a67fdd09badd3.exe"C:\Users\Admin\AppData\Local\Temp\863fb63c46c2124e5f6a67fdd09badd3.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat2⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
76B
MD5f2a8fb510fd01b913f53d72c8f9b5ace
SHA19753f1b74c28d1fcab670242050363aeb923bc8a
SHA2567e40973f5ac78484bf7932da37811a1ed8197fa4d81bcd6e2830bbbb304954a5
SHA512ba72db94d6f2cc44929ddf2a1d26836f102b24fc9f8480d28c7a73e6243ee562c1f12fea9e403243dea50a13ebb16dcf09da813d8fadf17099aca897fac6f51c
-
Filesize
180KB