Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240220-en -
resource tags
-
submitted
21-02-2024 02:14
General
-
Target
3e206bbe2a12cc7d2213b169fbdc39ef.exe
-
Size
49KB
-
MD5
3e206bbe2a12cc7d2213b169fbdc39ef
-
SHA1
dd0cfe7f3dd8025f7ba4ac73a0be94a055ac4441
-
SHA256
813dac69f9fd245fb1f8d4cd315aff8a0c1d0e38de36d955317ae37e31228b8d
-
SHA512
a2e0a37d3ed74454deaae2e62e806efb1587efec536faeebc42ba49aa85ac5a92af657027f8823cc8993e8d98134eed04885b8bf24e33f3923abbf733de27686
-
SSDEEP
768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vxd:X6QFElP6n+gJBMOtEvwDpjBtExd
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3e206bbe2a12cc7d2213b169fbdc39ef.exe"C:\Users\Admin\AppData\Local\Temp\3e206bbe2a12cc7d2213b169fbdc39ef.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
50KB
MD50063719ade06ff987d4d80dbb29268d9
SHA1ca9e5b9420de6c7b26e348503f5ff59a6feb2bb0
SHA256ab9a6edcc26696685c8a0f12441e78a21d12b6226153634e304eb889e69e9017
SHA512dee604ddf043883ac17949c3baaf166df5c57604dd8ce030349d80544373e274d86c6dc99eb0f2d0bdc6e601a21492cd4ef47cb8604dd28f9a136852f4b595b3
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB