Analysis

  • max time kernel: 143s
  • max time network: 151s
  • platform: windows10-2004_x64
  • resource: win10v2004-20231215-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 04/02/2024, 18:56

General

  • Target: 8fe72633f6b0fb3ab0e91047b9e9dfc7.exe
  • Size: 20KB
  • MD5: 8fe72633f6b0fb3ab0e91047b9e9dfc7
  • SHA1: e42c34d891bb2c0f6e59974ad1d9e5b1912ac4e8
  • SHA256: 8b03a03fab5823b2c1d25512f55cc08452fb3a8fda6c83c53bbba7bbdb6bc42e
  • SHA512: 30030518802018356e9bb2ff1768ff7a476be934648cc579681bf74f4154de09c316e5b10307ac37402399911723d605afced8473647321b87ac5c5681149b7d
  • SSDEEP: 384:9KWrXbCVnik0JoOJTEzeMFvg9to5eR3POfbEoRrJ1gaG:9jrVEaMO9tAeNeRY

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)
    Looks up country code configured in the registry, likely geofence.
  • Installs/modifies Browser Helper Object (2 TTPs, 1 IoC)
    BHOs are DLL modules which act as plugins for Internet Explorer.
  • Drops file in System32 directory (1 IoC)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies registry class (5 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fe72633f6b0fb3ab0e91047b9e9dfc7.exe (PID: 1916)
    Command line: "C:\Users\Admin\AppData\Local\Temp\8fe72633f6b0fb3ab0e91047b9e9dfc7.exe"
    • Checks computer location settings
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\cmd.exe (PID: 1212)
      Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\delt.bat" "

Downloads

  • C:\Users\Admin\AppData\Local\Temp\delt.bat
    Filesize: 214B
    MD5: f73a3b3d034e62ea99d1f4e01b6cb41e
    SHA1: 22f63a73d1d28de7270fb6615c0d0059b5043f7c
    SHA256: 5dd75c9f9a26d02c0d646d1dd6c886c63f6af52104f1637d19eb7ccafd6d1f88
    SHA512: b59771f658c4d12693c4db333e15f132093f868e87bd111de5384bc47cb921987899c3c6f078faf650b26aeda299560bfce7514077fbbb45102505abb23272b1
  • memory/1916-0-0x0000000000510000-0x0000000000519000-memory.dmp
    Filesize: 36KB
  • memory/1916-3-0x00000000001C0000-0x00000000001C7000-memory.dmp
    Filesize: 28KB
  • memory/1916-6-0x0000000000510000-0x0000000000519000-memory.dmp
    Filesize: 36KB