Analysis

  • max time kernel
    95s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-03-2024 08:10

General

  • Target

    e1da96812fef8207fa560ca169de12483064a042c778c353b3c3ffbcf8ca3d32.exe

  • Size

    303KB

  • MD5

    1c44aea625721fa995cce5f3f7f6732e

  • SHA1

    bc688b57662cda7c057d932e7c0c61e6dbda1cdb

  • SHA256

    e1da96812fef8207fa560ca169de12483064a042c778c353b3c3ffbcf8ca3d32

  • SHA512

    ea6b0752b0c67c67aa81082e633badd11fbb5ffb06c002e043cfd85872c788f7fd03b7ce56c77db3c3b19769a15d808d3446c7dfd5087e3b5a3427fb81c982b1

  • SSDEEP

    6144:msLApG5qTzfDJKtJoUTx5JPccJM+FtkedAqsPBXi54F5zVRno0Mhmhs:mWemSYlTgfB1o02p

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1da96812fef8207fa560ca169de12483064a042c778c353b3c3ffbcf8ca3d32.exe
    "C:\Users\Admin\AppData\Local\Temp\e1da96812fef8207fa560ca169de12483064a042c778c353b3c3ffbcf8ca3d32.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:796
    • C:\uUTClw.exe
      C:\uUTClw.exe
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3756
      • C:\Windows\SysWOW64\explorer.exe
        "C:\Windows\System32\explorer.exe" C:\RlLoBi.exe
        3⤵
          PID:1716
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:676

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\uUTClw.exe

      Filesize

      303KB

      MD5

      1c44aea625721fa995cce5f3f7f6732e

      SHA1

      bc688b57662cda7c057d932e7c0c61e6dbda1cdb

      SHA256

      e1da96812fef8207fa560ca169de12483064a042c778c353b3c3ffbcf8ca3d32

      SHA512

      ea6b0752b0c67c67aa81082e633badd11fbb5ffb06c002e043cfd85872c788f7fd03b7ce56c77db3c3b19769a15d808d3446c7dfd5087e3b5a3427fb81c982b1