fc2825ba33532e17a1c68c4b8fc47af3553fe4ff4d4909b619aab0aecd8f31c9

Analysis

max time kernel
115s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 04:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bfe6dd99b9296945a80c374ef90d2b92.exe
Size

220KB
MD5

bfe6dd99b9296945a80c374ef90d2b92
SHA1

8c92693f7bd6a0300d902e8f5e38075e43a837f1
SHA256

fc2825ba33532e17a1c68c4b8fc47af3553fe4ff4d4909b619aab0aecd8f31c9
SHA512

1c9c5fe1080ae0d3646984e90b9fef2fbb4d5069a0e89d28096d914f34b933720475561e2df146a716e8f9963afbaca1a2b89852add20f182ce71ace55485a6f
SSDEEP

3072:mBvpGeatoWy1ihBrqmqoQn8oRNNt+x8PMw6CC3HpS7xeDs5MBkZ:IceGI1ABrqhVA8PAJSBjZ

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation	bfe6dd99b9296945a80c374ef90d2b92.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 3360	1360	bfe6dd99b9296945a80c374ef90d2b92.exe	98
PID 1360 wrote to memory of 3360	1360	bfe6dd99b9296945a80c374ef90d2b92.exe	98
PID 1360 wrote to memory of 3360	1360	bfe6dd99b9296945a80c374ef90d2b92.exe	98

C:\Users\Admin\AppData\Local\Temp\bfe6dd99b9296945a80c374ef90d2b92.exe
"C:\Users\Admin\AppData\Local\Temp\bfe6dd99b9296945a80c374ef90d2b92.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Users\Admin\AppData\Local\Temp\bfe6dd99b9296945a80c374ef90d2b92.exe
  "C:\Users\Admin\AppData\Local\Temp\bfe6dd99b9296945a80c374ef90d2b92.exe" end
  2⤵
  PID:3360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3704 --field-trial-handle=2272,i,1589057049575649654,2929151440327217574,262144 --variations-seed-version /prefetch:8
1⤵
PID:3332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1360-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3360-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download