Analysis
-
max time kernel
139s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
11/03/2024, 23:08
General
-
Target
c1d6b600261c8fa506046e27639d8104.exe
-
Size
23KB
-
MD5
c1d6b600261c8fa506046e27639d8104
-
SHA1
bbbaabbfde4e94613f690a3b3ece8c12fb3c8d4a
-
SHA256
04e4d18d9029c46da00d048441689bea7a2ad67975958d6a452eb5180c67daa6
-
SHA512
2878e066346ea9115e21435c79954ef751b7f42e773c7d298eef41a4b1ef8e733641f5303f1c8ed6bbe655910c0431104af1e539a462af7665a300435e896d14
-
SSDEEP
384:ENwx70GGigxf+FhQrSmtlWCMHQw2iVPnQ3tJgFwmiBGFPYrtDLma8nyYeC0:b773gx2FhQrdtbMHGQ4vBGhYDLma8ndi
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
-
Modifies AppInit DLL entries 2 TTPs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c1d6b600261c8fa506046e27639d8104.exe"C:\Users\Admin\AppData\Local\Temp\c1d6b600261c8fa506046e27639d8104.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Checks computer location settings
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SelfDel.bat" "2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
279B
MD52351fb5aace5c30fe307b26ee8029dd0
SHA18de2bde9e5241b8f59b99bcce04f0e7fd5ebb925
SHA256aa30b63e2658b9d0088f15c9192e3e8a5ff06ba91aebdda14d01d21a55d6f624
SHA512f97aab2117e05ae584b47bd37a57649ffd3dd642eb0108fbe1c61656320226da02b3d8ffd0a91fb2f4a2f1fc95eaf84633fcecf31b96311db739cab6260f3af1
-
Filesize
44KB
MD549ed89fb90a0caa60fc5bee22e8273df
SHA1f968692fd23fc949e70667d2c6501fd1bd8a7dfe
SHA25609811d0b3fe3b0d9a77be81d41e3a086f16270b7534a2b283c0d97b4c450c756
SHA512d5740d0ffededb5bab99fbb15afe85d107403c40737ce134b62d9782002e4c68064e5e40ad17473e131662349cb9863deef5bf67a46df8cdd59fc2bfe7ee75ed
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
92KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
92KB
-
Filesize
4KB
-
Filesize
4KB