Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
08/03/2024, 23:47
General
-
Target
e1bdf745f52435ded322fb3672a91be378c358e4293954582750e3c0fce4dbc2.exe
-
Size
32KB
-
MD5
faa1f60fafd0edddb1c8d603864c644a
-
SHA1
1394edd712b89c2e1db3427b7c7afcec67d78dd0
-
SHA256
e1bdf745f52435ded322fb3672a91be378c358e4293954582750e3c0fce4dbc2
-
SHA512
f86840f4521a030d3726df15caf9a1e2d68e7ca286f38fd54c5e028657f6c68ca03370cdd9be8d7b172f65297177d5db1ecceb28c5ce87190824132c5e9b6934
-
SSDEEP
768:xW9+F8BPtElggggggLvggggggggUaocdFA:ekoqA
Malware Config
Signatures
-
Detects executables built or packed with MPress PE compressor 5 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e1bdf745f52435ded322fb3672a91be378c358e4293954582750e3c0fce4dbc2.exe"C:\Users\Admin\AppData\Local\Temp\e1bdf745f52435ded322fb3672a91be378c358e4293954582750e3c0fce4dbc2.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\btkba.exe"C:\Users\Admin\AppData\Local\Temp\btkba.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
32KB
MD5a58a11fd21d86dc8e209164485f30759
SHA167d78a029a6b873066f0bf00aa391bc73e16bccd
SHA256b46554ef79ef54fe235d70bf0ef266b3d2de867b1895f8ce3ef0e89c8f439ddc
SHA512d13a422d849c637e9ecb20e714140bc64c817dc0609a8714783fac320f7ddca135f8c3e7bb79c862c3ee9c287af1e0be107db935c6fbccf104da58c416bdab8b
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB