39f0c5a558004eb1eca93206bf199c161ef5056f0d882b62049f947237de10ea

Analysis

max time kernel
93s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b11e4e90a9a92a25bc337a375aa1fd2.exe
Size

124KB
MD5

8b11e4e90a9a92a25bc337a375aa1fd2
SHA1

0d411adbca5ec93584be6f30ce979218b52b880e
SHA256

39f0c5a558004eb1eca93206bf199c161ef5056f0d882b62049f947237de10ea
SHA512

b9a47017e6613aca5d1eb784daf47bcadafbe1f5c5b76173b475ba31f9eda69b7f6281365c520263d23c74d805369abf910ec737cba3c407c8b4c91d44451caf
SSDEEP

768:37v+xk0gFiNMZrWjM+9Z5nS0LAy7Pu6slcTBBW+9Bkhkx/iRerSNmKFaxb1RxjYu:37v+xkENurWNn5nS0LlKkleEci5RhB

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation	8b11e4e90a9a92a25bc337a375aa1fd2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2920	8b11e4e90a9a92a25bc337a375aa1fd2.exe
2920	8b11e4e90a9a92a25bc337a375aa1fd2.exe

C:\Users\Admin\AppData\Local\Temp\8b11e4e90a9a92a25bc337a375aa1fd2.exe
"C:\Users\Admin\AppData\Local\Temp\8b11e4e90a9a92a25bc337a375aa1fd2.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\start1.exe

Filesize
486B

MD5
0fe255759d21534ca52068fa81820169

SHA1
76a9aa6ddcebf7f33ba76d1d6f42857d139284b2

SHA256
ef67e30934f7e929091e11b24ff4ebd0e3e227cabe5d6ca5cd61dc5846d1679f

SHA512
6d546b23661a9f7367e51788e7685d8244a4f5f399fd6908f5faa9593fb98ad02ee2b46165bc28bc034800301275efdbd453bc6f9efb920da4d9666f7fb79bca

Download Submit