82ca44d6e1e9a7c6c7ff7d50c7fd8401f356f8e7a65c1a1f583c6a1c923410a7

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf5fbe898a470b55699786303e4b549b.exe
Size

46KB
MD5

bf5fbe898a470b55699786303e4b549b
SHA1

1b9d1d22981403d1062f3ce4eb8b3bdca7c05e3e
SHA256

82ca44d6e1e9a7c6c7ff7d50c7fd8401f356f8e7a65c1a1f583c6a1c923410a7
SHA512

76718ce08ae728f6e11075d3733ef876aaa3c9605a1f431bfece0601d645f9314709ab1a98c9268d4ebb0c206a1a918903ee291bb7e34e3d2efbc274b3f16fbe
SSDEEP

768:95Oa+iLUvfEWEobrTIZcxoE4kGccSvxhyVSSqeq0tTxOmLqkcr:HE93jEaIZciEhGl6yVDbqCC

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	bf5fbe898a470b55699786303e4b549b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\bf5fbe898a470b55699786303e4b549b.exe
"C:\Users\Admin\AppData\Local\Temp\bf5fbe898a470b55699786303e4b549b.exe"
1⤵
- Checks computer location settings
PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:5052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\showthread[1].htm

Filesize
19KB

MD5
0580e4ea1981276dbefd022dd5013515

SHA1
3b1e055b2d0bd5e6adb4efe3854e74cf65ddce5c

SHA256
75e102d2b3fe7f6d69442bbd22f643d464c236c415714a9cdb23af0befceb7dd

SHA512
b8d2cc43f33c637aaa002cd44ce387d2e31a536022081e9c8e3bc8c08f3471f7354ee4ebef3704822d5bf87709b23075fe0b291459bbc080d4df2ce9518c3d2f

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc2.exe

Filesize
19KB

MD5
b15255425afd1197e15864df0291045d

SHA1
be537c73d7ca767575de8f005a0128e9784f1f33

SHA256
812d70bf8ca15b18755fbc4356677b91890004833a179bac9fee68536133e449

SHA512
35ee5fe81edce6f0562e5eda5f33558f164ba6dcc2dae452ac2ae2b8496df27b160abcb75c4ccd33853f14c20fc74480fb51c82092248f3ef9e6c14d4284bf6a

Download Submit
memory/1768-0-0x0000000002160000-0x000000000216F000-memory.dmp

Filesize
60KB

Download
memory/1768-1-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1768-2-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1768-43-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1768-181-0x0000000002160000-0x000000000216F000-memory.dmp

Filesize
60KB

Download