Analysis

  • max time kernel
    121s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-03-2024 23:32

General

  • Target

    Trojan/9reset/9reset.exe

  • Size

    385KB

  • MD5

    d05daaa1e1b95fa203891321f2345540

  • SHA1

    e05de699d799c1366c0d0285a4c0395aa9b69fc9

  • SHA256

    42785338860918c7caeb035d8f5689e258a1768db1650cd4758ac595a5c6a2bd

  • SHA512

    fc63d87da773f145482a2d61d1583ba1f4ec76761522092990d83f710c9f282294d1f83948318a37678c5bd5e3f178fca7a07e6c0cd36643ab17b37902997f3d

  • SSDEEP

    6144:9t5hBPi0BW69hd1MMdxPe9N9uA069TBxq/:9tzww69TLK

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Trojan\9reset\9reset.exe
    "C:\Users\Admin\AppData\Local\Temp\Trojan\9reset\9reset.exe"
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:568
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\52E3.tmp\52F3.tmp\52F4.bat C:\Users\Admin\AppData\Local\Temp\Trojan\9reset\9reset.exe"
      PID:3772

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\52E3.tmp\52F3.tmp\52F4.bat

    Filesize
    85B

    MD5
    f2d5cf0bf3d6ec8c6d5dc97af835c5e5

    SHA1
    5b60f43fa6d5810bad58de5f06a0f84dd4aa9bf6

    SHA256
    31ee6e28c82ab165ca3048aec9a88c8590d6f0b94b88e7f87b6ec36d2fa0a24c

    SHA512
    075fb8005c93d9f61dfa07b41424591ff518a6f9c8a1fff74d1e6df39ec56377e48208e08a01485eafeced2880a4b18061ddfa637611a89ce3f252580c2deff9