e616b94be81a03448f07f326b9a5e5709ca6765a497f70ae9abc0bd0c1fa6e4c

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd632cbf8694e7b00ab6b804b1e3fecc.exe
Size

106KB
MD5

cd632cbf8694e7b00ab6b804b1e3fecc
SHA1

1811e6bd71e6ed916ee35b053f15aad4c26594a6
SHA256

e616b94be81a03448f07f326b9a5e5709ca6765a497f70ae9abc0bd0c1fa6e4c
SHA512

42ef8755cdbfd44d5d1ced6010da7f9f55a35beab1d9a86b6d903ade227aa89bb18f32ee041c745cf1f877afb0e0bde69df6c70d68e4d39657ac95470b88a02c
SSDEEP

1536:PoHPsTF8QWlJkSJVtqCvOmpR58V8rsKTqECtOBUFQX1n/WYG7V4Bb:tWVqiS8rsKmD+UFktG7V4

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation	cd632cbf8694e7b00ab6b804b1e3fecc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 3968	2696	cd632cbf8694e7b00ab6b804b1e3fecc.exe	101
PID 2696 wrote to memory of 3968	2696	cd632cbf8694e7b00ab6b804b1e3fecc.exe	101
PID 2696 wrote to memory of 3968	2696	cd632cbf8694e7b00ab6b804b1e3fecc.exe	101

C:\Users\Admin\AppData\Local\Temp\cd632cbf8694e7b00ab6b804b1e3fecc.exe
"C:\Users\Admin\AppData\Local\Temp\cd632cbf8694e7b00ab6b804b1e3fecc.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Azj..bat" > nul 2> nul
  2⤵
  PID:3968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Azj..bat

Filesize
210B

MD5
0f062ecd7b9d26e54ac41ca184fb2670

SHA1
61dec71318d74cb1d808bd25bf1553efa2ab3d2c

SHA256
29b00f986cbfed62039b81610b4e3547c41e8c3d7c1f61137b212147f269527a

SHA512
c93b9614e0336c59529f2a177cc1f66255da1ea8e7546b1da1d3005dc062ae15479cff83b09dabf6ed5fd8a5fbb0415d254864d81bd4342800effbf2545858ca

Download Submit
memory/2696-0-0x00000000001C0000-0x00000000001C8000-memory.dmp

Filesize
32KB

Download
memory/2696-1-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2696-3-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download