Analysis

  • max time kernel: 149s
  • max time network: 151s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240226-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 16/03/2024, 21:32

General

  • Target: 7f02d1ddec3408e30540d23cb5c1c52b87cad76c81b8bdb01c0c109b2110ea52.exe
  • Size: 144KB
  • MD5: 55e10a94b3902e34a4658d89ba65c088
  • SHA1: e267b0f05a9b8f080383b0636e830828b34bf0d8
  • SHA256: 7f02d1ddec3408e30540d23cb5c1c52b87cad76c81b8bdb01c0c109b2110ea52
  • SHA512: b581928c7cefd72d5980e272c136b668059b769146c44e8940bd12ab17cb912fdfd9c25770357f5207a904ec98a19ff9f4243c1d4cc2839340690fd4e3f000d2
  • SSDEEP: 1536:1i+N6u0utYGsoK2mEGIBp+WWN7YfEj77iZ76vVGU2AjK15t5uPpdrcIPWAWvnTX4:wYYutRQSc/7c6tJK7t5uPpdrxOhvnTo

Score: 7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)
    Looks up the country code configured in the registry, likely a geofence check.
  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f02d1ddec3408e30540d23cb5c1c52b87cad76c81b8bdb01c0c109b2110ea52.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\7f02d1ddec3408e30540d23cb5c1c52b87cad76c81b8bdb01c0c109b2110ea52.exe"
    Depth: 1
    PID: 1284
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    Child processes:
    • C:\Users\Admin\AppData\Local\Temp\huter.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\huter.exe"
      Depth: 2
      PID: 2916
      • Executes dropped EXE
    • C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      Depth: 2
      PID: 3632

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
    Filesize: 512B
    MD5: 55d2fdd1432483e3ba86ebeccfe130b6
    SHA1: 7280b14d708800fd15303b2caa8628a0fbd7aa08
    SHA256: 5cfd1668ec0e5f3b5f8d04e54091d6f173bede6e6f9bb418819fd550095139fb
    SHA512: 36fd81128552356672b52936699c5e6362268c8131857e778e02a6862600c4feb20d13063d5f838e0887cb5083c648d39fe07faffba18c26387760752f9dd1f3

  • C:\Users\Admin\AppData\Local\Temp\huter.exe
    Filesize: 144KB
    MD5: eb4db9ef9bf87764a8a1bd6a63305c93
    SHA1: 91d8ed1077f2d7a7d7e3e3129d7d22ed8aafbaf9
    SHA256: 7f6f2bbfb713f8f1d8c2231c8f97d917ffce815aeb7bdea0eca989a81e5947d6
    SHA512: f084f105e30297e7a5f02727ab2e90cac248973edda80ac904e5646192e777f6937badd317dd9dd3931f3b931b36614ef99d2cb821dfa8e74499f9876ed3bab5

  • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat
    Filesize: 338B
    MD5: d388148d77b8449ac1a2587cf34a5167
    SHA1: adea710e690f9a619e0bbd4a0e4d4f5195992c48
    SHA256: e1ef321bd4e6fe5ec34a1719d9e79ceac6400e8867953d92b35565f9c7f50d76
    SHA512: e9acbd7d167d43aac80d5e88e8be7fb31b43ac326b2fc0400f565f505908a5be8835a28c72464021ad1c915ffbd7d29f01cda102f7c90445d6ad34c9c2a886cb