064b545ab43b11732a115f22202f89cebc40451a2144d1a5ba0df045d52b8b84

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

989e845511599a05762c239c350f2781.exe
Size

50KB
MD5

989e845511599a05762c239c350f2781
SHA1

d7accf372f8700017d98a65794aa36281c473162
SHA256

064b545ab43b11732a115f22202f89cebc40451a2144d1a5ba0df045d52b8b84
SHA512

48dee154c5fc11dce5a5c22ba5c4a30373cae9a6527c985703fd28d709ff9f1cf6413034a368d6b27a00dd4b13bdd2752d35a255545eac9373ae78682d91b1dc
SSDEEP

768:PcGu+aZmwmhgLfoatZ0X1lfx51gSW12t7EyKznRfTIA13tOB0CH:P9Omw7g2GffxbvMznRfTIedOys

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation	989e845511599a05762c239c350f2781.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\989e845511599a05762c239c350f2781.exe
"C:\Users\Admin\AppData\Local\Temp\989e845511599a05762c239c350f2781.exe"
1⤵
- Checks computer location settings
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc199.exe

Filesize
47B

MD5
8cebbdcf906d7e7b80bc34904e9bd904

SHA1
9aec1585ae48f2744c74447391b450fc2c972a0f

SHA256
68227354e364f4637416a15ab0d7e98a83deda10e3ce98dd134f0cea55b74573

SHA512
aa7cf43a3c80c8df522e95a763c07be226fb5b53727bee8f4076c0d7a5f7000c08832ca226838ea43554cdf12145db4a9fb67cb3176d19d3f275bdfb20d11b22

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc29.exe

Filesize
47B

MD5
2079de86c2f563b129b99bacca34ac23

SHA1
9cd346283354dbae0118488be07b73e6a9292a1a

SHA256
57e5a4c140bcc8738d1daa3f6cee05aac052218d286f69e4f4303fbc8af19ea7

SHA512
946e89de4a2df78bc3952bb79843c95b137e0494ffba3e0b956aa1073beaf759d14fed9ea033adc2cee1aa8cc272b5a8ea6e23ae74caaf196ff73b555466706a

Download Submit
memory/2868-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2868-1-0x0000000000680000-0x0000000000690000-memory.dmp

Filesize
64KB

Download
memory/2868-2-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2868-3-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2868-44-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2868-64-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2868-103-0x0000000000680000-0x0000000000690000-memory.dmp

Filesize
64KB

Download