8c6d74e84cfe574df1fd8572d4a9aec814d5885d8109c5f06ab90d9fc0904fa2

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 03:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d0751585bce19ce09bfe59b11fc05084.exe
Size

46KB
MD5

d0751585bce19ce09bfe59b11fc05084
SHA1

4e08cc0f4633e20ff26739bd45074ff81408d0fb
SHA256

8c6d74e84cfe574df1fd8572d4a9aec814d5885d8109c5f06ab90d9fc0904fa2
SHA512

0cb36a4c551abf5965f08899c41e492744f4131b506119c1cc8f7363348f09233f13c00a5cc27819c746e9332f8bba69074155f496a5679381f38655c11056a2
SSDEEP

768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpjeJQ7suIlsw92KFXckdpT:V6QFElP6n+gMQMOtEvwDpjeJQ7pojakP

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation	d0751585bce19ce09bfe59b11fc05084.exe

Executes dropped EXE 1 IoCs

pid	Process
764	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 764	3568	d0751585bce19ce09bfe59b11fc05084.exe	86
PID 3568 wrote to memory of 764	3568	d0751585bce19ce09bfe59b11fc05084.exe	86
PID 3568 wrote to memory of 764	3568	d0751585bce19ce09bfe59b11fc05084.exe	86

C:\Users\Admin\AppData\Local\Temp\d0751585bce19ce09bfe59b11fc05084.exe
"C:\Users\Admin\AppData\Local\Temp\d0751585bce19ce09bfe59b11fc05084.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
46KB

MD5
085f030bdfb34c17db0430b7deb200c5

SHA1
8062f54d5ab15edd46a79261f7056083f97d5a7b

SHA256
a49961297b6942c17762f3fb2d1baf7d5c6652e62899b3337c89a66cbb0cadab

SHA512
7500fe60a6da4669322ff5e78d517e7d16b51f09f1462d3aae458d80e9957b8b69855e1201f45f278b3540b35e383a9f41c9b6a57b07487f6063504e54e80704

Download Submit
memory/764-17-0x00000000004F0000-0x00000000004F6000-memory.dmp

Filesize
24KB

Download
memory/764-19-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/3568-0-0x00000000005F0000-0x00000000005F6000-memory.dmp

Filesize
24KB

Download
memory/3568-1-0x00000000005F0000-0x00000000005F6000-memory.dmp

Filesize
24KB

Download
memory/3568-2-0x00000000021B0000-0x00000000021B6000-memory.dmp

Filesize
24KB

Download