4a27e68e8e88f5fef617f922f84617e00e7409c85ce91c35b34145affab35c0e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d52714d0361c5453aeb18ecebf1faf88.exe
Size

162KB
MD5

d52714d0361c5453aeb18ecebf1faf88
SHA1

e2af6fe7073c3484d2120e1a61adddd9bb45812e
SHA256

4a27e68e8e88f5fef617f922f84617e00e7409c85ce91c35b34145affab35c0e
SHA512

5636e2c3a71d4013714a226e62563a76aed3f93bb4d286e157b69f82b5b292134efef3d088972beccba135de057ae840560dfd7de2958472b78a00129c073b79
SSDEEP

1536:0vn9DmOPj3/EyIR1Y+IjIVZgFNyifN/E3+gHurSwzMpE1gNYlVLNu:0l3TIR1YzNy8E3+dGna1rLNu

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	d52714d0361c5453aeb18ecebf1faf88.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 1980	4184	d52714d0361c5453aeb18ecebf1faf88.exe	93
PID 4184 wrote to memory of 1980	4184	d52714d0361c5453aeb18ecebf1faf88.exe	93
PID 4184 wrote to memory of 1980	4184	d52714d0361c5453aeb18ecebf1faf88.exe	93

C:\Users\Admin\AppData\Local\Temp\d52714d0361c5453aeb18ecebf1faf88.exe
"C:\Users\Admin\AppData\Local\Temp\d52714d0361c5453aeb18ecebf1faf88.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Nrz..bat" > nul 2> nul
  2⤵
  PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Nrz..bat

Filesize
210B

MD5
01ec4e011d87cea2be6a71df244271dd

SHA1
12fa356688f6cbca67ec34626e2d2adb8c58209f

SHA256
d3ad5614f5c6978f734bcc659024ac3e75561029e04c6b1e17c481b343f44e68

SHA512
e7272e15ca2570eeaf48ad41190e60e72a7f86571527853408c07d7de210d24c8993a863cf4f8bf09be213a600544c6dff75b46166a3ff111cd347e3f8e53919

Download Submit
memory/4184-0-0x0000000000A10000-0x0000000000A22000-memory.dmp

Filesize
72KB

Download
memory/4184-1-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4184-2-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/4184-3-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/4184-5-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download