Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-03-2024 19:35

General

  • Target

    cc3f8ce01ea26c763077eb8d4bbc9b30.exe

  • Size

    20KB

  • MD5

    cc3f8ce01ea26c763077eb8d4bbc9b30

  • SHA1

    ef2fd7dd3a27a90d18838087a59d30b267cf1ba1

  • SHA256

    dc083468804d02b799cf6515b554a53ac45d296814c0aff848efbd8889daa766

  • SHA512

    efa7b10f62750182f50f9fbd738b214b2251ad6f3ecf151ceb96368d433404ac16c0e8d042c418fb76b375d7c6d01fb4e3d4ecaaa536e31d86217a93d2a6d98f

  • SSDEEP

    384:27yJ/Ki+hgnEq7HhSryRdL6KPtjyc754wKtlOl0szto:j/KB219Htjyc756t4l0

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc3f8ce01ea26c763077eb8d4bbc9b30.exe (level 1)
    "C:\Users\Admin\AppData\Local\Temp\cc3f8ce01ea26c763077eb8d4bbc9b30.exe"
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1584
    • C:\Windows\SysWOW64\cmd.exe (level 2)
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\awer0.bat" "
      PID:3680
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 1)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3384 --field-trial-handle=3488,i,1267426273081718772,6254127258555406296,262144 --variations-seed-version /prefetch:8
    PID:384

Network

MITRE ATT&CK Enterprise v15
Downloads

  • C:\Users\Admin\AppData\Local\Temp\awer0.bat

    Filesize

    274B

    MD5

    80a986d5920763c59b2f873ff6e4deba

    SHA1

    cc43bf9a899e8cb10e6ace1084f59b74746d1f8a

    SHA256

    e1698c11765d97e2cbfd52e47b633bc71716a18b0ef1e12f18e0a591d28eb7fb

    SHA512

    12b3035c23dcec8d8255ecd7f18183112b8db148024ad9f2c16127698130a4aca9884784d82513bc0ca3d1360758195a834bfbbde85649994159241c888cd48b