39836699eab60099beba5416bde90e6bdba7db1066fd9de564a06397dffaded2

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 20:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8d3b34c51054b37fa40f8310ee80b2c0.exe
Size

100KB
MD5

8d3b34c51054b37fa40f8310ee80b2c0
SHA1

03dbe63e1bc5db14a84f930c6df3c2b0280ac6fb
SHA256

39836699eab60099beba5416bde90e6bdba7db1066fd9de564a06397dffaded2
SHA512

c64d02ddca38c808d936c6ed5f77e4d66e5b2e64ada4d8ebd1d2bb6f65ccccea08737d75d4b4ce87c91ae229a27b752472a4f4fc70fe562163e4f71720387963
SSDEEP

1536:SzxcMPuYfQxJVgux399nGBKMDwgWsrsm94x1Vg98uPGUt8bfgwlSU6bCz2gCzuYU:SruAQxEux8tDisuyRPGUt8E4+ktY

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Control Panel\International\Geo\Nation	8d3b34c51054b37fa40f8310ee80b2c0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3840 wrote to memory of 1616	3840	8d3b34c51054b37fa40f8310ee80b2c0.exe	90
PID 3840 wrote to memory of 1616	3840	8d3b34c51054b37fa40f8310ee80b2c0.exe	90
PID 3840 wrote to memory of 1616	3840	8d3b34c51054b37fa40f8310ee80b2c0.exe	90

C:\Users\Admin\AppData\Local\Temp\8d3b34c51054b37fa40f8310ee80b2c0.exe
"C:\Users\Admin\AppData\Local\Temp\8d3b34c51054b37fa40f8310ee80b2c0.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3840
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Snz..bat" > nul 2> nul
  2⤵
  PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Snz..bat

Filesize
210B

MD5
e3ad45be1d1dd414e4877b7b6d141660

SHA1
38425e89a39979991207720be2b186622669ade2

SHA256
3435adbbc67debb16dc739840496f6d414e8459d765f22d148366977c75b33d9

SHA512
ab93b0b12a727b0941647133c949c78ecb3c3b85bea4acf6b73ded96d94359ee095c83f06905c9c4d3c4a2b28fbaca391d747f35c78ed1a4b7eff664ac974375

Download Submit
memory/3840-0-0x0000000000570000-0x0000000000581000-memory.dmp

Filesize
68KB

Download
memory/3840-1-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3840-3-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download