Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-02-2024 14:45

General

  • Target

    a40daeb3dd6687dae9b31900277a83d8.exe

  • Size

    132KB

  • MD5

    a40daeb3dd6687dae9b31900277a83d8

  • SHA1

    7a821d797311f61b9f0ee9c50dd825f66d94d482

  • SHA256

    c3c0bd7d23956c37c1251bc2304528c53ae0a147aa2112c3955590b959d3bf86

  • SHA512

    472c62a065fb8f32e3eed066471b4346f24cb0c45f3e51bc4c2296db540b5080761f746f3fd55e3c54885ea7329d392d79fefebcbb6bb37d8cfc20c2a5787f84

  • SSDEEP

    3072:qApHG6d+xspX7//GSeIlLXkskMvB00bsMyXeWLkf:qApHGaI+7//leIBXTkMZ00bsMyXeAk

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 50 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a40daeb3dd6687dae9b31900277a83d8.exe
    "C:\Users\Admin\AppData\Local\Temp\a40daeb3dd6687dae9b31900277a83d8.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2588
    • C:\Users\Admin\lauof.exe
      "C:\Users\Admin\lauof.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3744

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\lauof.exe

    Filesize

    132KB

    MD5

    c73b06c7dde39956b831c82aa10be848

    SHA1

    a1ee5a7b994f83bdbe0a6f24462432e092a33b17

    SHA256

    ce0cd8eabcf302ab4dd2870e5f075013f88a9b2873e796ee62a77f959ba532a3

    SHA512

    456a0aba96ad8a0092aa98964a8eb16269b4d2dd34e5db51e408792aa4106cd09f2262752064c327b781700ec4b92fbc7ca1c27bc87934db540a905d606b9415