a4f33b2ddd3cab475934cbbb3ec93c202eb0410219b745f6245d0a8b65d53b1f

Analysis

max time kernel
137s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bdc63610f3db082f4a4ef142922153e.exe
Size

94KB
MD5

9bdc63610f3db082f4a4ef142922153e
SHA1

03e9260a13ebdf142e9eb0bbca6283a202c469a1
SHA256

a4f33b2ddd3cab475934cbbb3ec93c202eb0410219b745f6245d0a8b65d53b1f
SHA512

e57cb5c48929d5d17060de5a2be52c420927106497a6e1b179285ac89363985e93912031a3f567991a63f9a14b7d74ecd89cae11e1b07136a99e28a6ca026038
SSDEEP

1536:pi3w2dCqIAGzLqr3hd9Dt6pNz0XP3XStNLnpfkn4VeaFIy:Yw2vjkLqD76pNz0/8NDasdFIy

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\International\Geo\Nation	9bdc63610f3db082f4a4ef142922153e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 1532	2276	9bdc63610f3db082f4a4ef142922153e.exe	85
PID 2276 wrote to memory of 1532	2276	9bdc63610f3db082f4a4ef142922153e.exe	85
PID 2276 wrote to memory of 1532	2276	9bdc63610f3db082f4a4ef142922153e.exe	85

C:\Users\Admin\AppData\Local\Temp\9bdc63610f3db082f4a4ef142922153e.exe
"C:\Users\Admin\AppData\Local\Temp\9bdc63610f3db082f4a4ef142922153e.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Mfv..bat" > nul 2> nul
  2⤵
  PID:1532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Mfv..bat

Filesize
210B

MD5
3af19fda4abfe9f1d5b85e1fea6b0938

SHA1
4ab3bac748d2186d6b90034dc0067022103fbfb1

SHA256
338d5cef462609a420aac8a4164fa57afee19136afe2562939c5baa18eb0764f

SHA512
32e7e0569ac3ba30eaa6ef96fff7c6c7a7c337fc14b0b13b361b127560d82ff0773ab18051d7e5824aa8176724283501c7ba14fa657d1f91909efb3ffdefbd4d

Download Submit
memory/2276-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2276-1-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/2276-2-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2276-3-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2276-5-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download