Analysis
-
max time kernel
144s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
16/03/2024, 01:26
General
-
Target
f6bb6b494742470d95392bccb50d9ed3c47519320c1a66b064855abb71f8020d.exe
-
Size
930KB
-
MD5
76c7326750c8fb67b9e890d4c5e82b19
-
SHA1
2292a46b01ad9d36e26c5f8289720714e9ca076a
-
SHA256
f6bb6b494742470d95392bccb50d9ed3c47519320c1a66b064855abb71f8020d
-
SHA512
76b1c388276478259943b2d7a5e9a9443ac3b2a054befcf3490060e606aa4fb264cbe4d75a785e87dae23b21393b815fddaf1c4e20cdd817326611f991c01049
-
SSDEEP
24576:OrF61FaliOBA7J1ZjqKZPMoWgQPJv+zqL:8P3O7J19qo0ow
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 21 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f6bb6b494742470d95392bccb50d9ed3c47519320c1a66b064855abb71f8020d.exe"C:\Users\Admin\AppData\Local\Temp\f6bb6b494742470d95392bccb50d9ed3c47519320c1a66b064855abb71f8020d.exe"1⤵
- Checks computer location settings
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\f6bb6b494742470d95392bccb50d9ed3c47519320c1a66b064855abb71f8020d.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 26562⤵
- Program crash
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1400 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:81⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2524 -ip 25241⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
6.5MB
-
Filesize
652KB
-
Filesize
7.7MB
-
Filesize
32KB
-
Filesize
104KB
-
Filesize
80KB
-
Filesize
56KB
-
Filesize
68KB
-
Filesize
600KB
-
Filesize
40KB
-
Filesize
104KB
-
Filesize
408KB
-
Filesize
120KB
-
Filesize
304KB
-
Filesize
200KB
-
Filesize
216KB
-
Filesize
7.7MB
-
Filesize
64KB
-
Filesize
6.2MB
-
Filesize
136KB
-
Filesize
304KB
-
Filesize
408KB
-
Filesize
64KB
-
Filesize
3.3MB
-
Filesize
120KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
40KB
-
Filesize
64KB
-
Filesize
624KB
-
Filesize
552KB
-
Filesize
56KB
-
Filesize
5.6MB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
952KB
-
Filesize
80KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
40KB
-
Filesize
64KB
-
Filesize
584KB