Analysis

  • max time kernel
    143s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-03-2024 20:29

General

  • Target: TheMalwaredev-s-garbage-main/Install Windows20.exe
  • Size: 24.4MB
  • MD5: 8c7065d7b4ce7f50e145bd6082204b00
  • SHA1: 40e4bea57fc03d3bed8b4614ec790242cc0650f5
  • SHA256: 9b66b0914cad75dd3072726f0a7b3d21db55bd205f409a6ca46472cfe2a78eec
  • SHA512: 560a438e307e217875a8a9227187e22027dc48c58b9fe1041361d6d8a5cb917728ae22655af084f9b38e45928a7ba1b15eab6e7c2d4d6862391e82eba00583f6
  • SSDEEP: 786432:KJ4Hil5v88iWkupGx7xvkCBiWP9BKBB5zw8:K2CfiWRMaCBiW1+59

Score: 7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely a geofence.

  • Drops file in Windows directory (6 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\TheMalwaredev-s-garbage-main\Install Windows20.exe
    "C:\Users\Admin\AppData\Local\Temp\TheMalwaredev-s-garbage-main\Install Windows20.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Windows\SystemUpdateInstalled\doom.bat" "
      2⤵
        PID:1928

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Windows\SystemUpdateInstalled\doom.bat
      • Filesize: 824B
      • MD5: 87ff7a4be8ba06c3d469b27fc8d665bc
      • SHA1: 2ddb2e14bb115a85b13cfbe6204a45360c78de04
      • SHA256: c5e12fc8cceb6155d5176025c3aeff5e3d8aef8e54e6eabf5af43f19329a634b
      • SHA512: 38a8d7ccc7f447b9e7b61d7f876a4f6de9782b09d1491e93bd0fcd3e15b6552cd6cfe015b020686eecea14a0951ed392abae55490b55af9c393eb02530632c35