Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
15/03/2024, 02:04
Static task
static1
Behavioral task
behavioral1
Sample
ca3380c2298eec5b05ff76a20815c742.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ca3380c2298eec5b05ff76a20815c742.exe
Resource
win10v2004-20240226-en
General
-
Target
ca3380c2298eec5b05ff76a20815c742.exe
-
Size
297KB
-
MD5
ca3380c2298eec5b05ff76a20815c742
-
SHA1
6a02a5529556542bfa6f2d8f004d87743ebde13a
-
SHA256
1c57102a9d720e8bf6ccc938475ccdb85ba5b9dfa655241b7afeff7c95b06e94
-
SHA512
775ee9b5ccc8d135afcbc30136bbfd89d83249d2273593bee1cf52c825cc1c8798d921ff8d52a0be5b5c34541df70f86b9d8708ae48aea845f727bdbb6ba8852
-
SSDEEP
6144:A+IFll+0oUgiyQDCIQkEcB0tLpwXcN+j4+Xi:A+IFlg0SCDqcbMYE+Xi
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation ca3380c2298eec5b05ff76a20815c742.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 4288 ca3380c2298eec5b05ff76a20815c742.exe Token: SeManageVolumePrivilege 404 svchost.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ca3380c2298eec5b05ff76a20815c742.exe"C:\Users\Admin\AppData\Local\Temp\ca3380c2298eec5b05ff76a20815c742.exe"1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:4288
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵PID:2432
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
PID:404
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60KB
MD5c292faaa9ce424fa392c9836cad48740
SHA1ed1d3a7680166f84902661fe6bb7f70df395fae3
SHA256532fb967599e2271aec396e265c67a0645dff91203e321ffbcafd667aa334058
SHA5120872005be90360c0f0c8377b4a2de3d7c0958bb33db0f14831d4f2c9b538e5c1d0f7ad8fca2d98b7eb2eb4ba28c3083850b4e496056b9427096e5741a7b709a0