Analysis
-
max time kernel
150s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
19/03/2024, 09:45
General
-
Target
d5cde7f22f7935faa7b0e8018602a1cc.exe
-
Size
106KB
-
MD5
d5cde7f22f7935faa7b0e8018602a1cc
-
SHA1
9e5957a95bf94ec351a20dad852a2109c3a0584e
-
SHA256
d474389e232291dbd215bebce0a0fd5dc4b0b07267f62242064d5ddf68437b8f
-
SHA512
66efcef18591b0444e2d91d64c8e3b3e72465e70c3ab536e648e96817e594eeae5d6fcf8e21f85df55c2aa5c7aabc6fd60c94b2bc0537095d1a51bcc17cc68f5
-
SSDEEP
3072:m/SfPt12nzNjgqH6LerIIiw6q6EpaGN256l2Ohy:maf1KRjgqH8erdiw6q62256lNhy
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d5cde7f22f7935faa7b0e8018602a1cc.exe"C:\Users\Admin\AppData\Local\Temp\d5cde7f22f7935faa7b0e8018602a1cc.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 4242⤵
- Program crash
-
-
C:\Users\Admin\AppData\Local\Temp\bf99.exe"C:\Users\Admin\AppData\Local\Temp\bf99.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\jokycard.exe"C:\Users\Admin\AppData\Local\Temp\jokycard.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\iexplore¡¡.exeC:\Windows\system32\iexplore¡¡.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4348 -ip 43481⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=2260,i,3303482231723870786,2954015409682154873,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB
MD5d2eca3a9c459f95d4b756764b1493abd
SHA177b689a424375237e71a20db0c225a3decacdda8
SHA256a144309f375c79cb4e6f97b8140a6cf78bac40fabeea5ade91fcc8515c37d2a8
SHA512326ec541cb44107c51a4512191c8256834d88b5089a909de30e263dec7dc87cad0c5db4694d6e3ac74e2bc21f78d9aa1f89688c8fe8858636c4d949e61672bc0
-
Filesize
55KB
MD57c04bae78202b1827a7aaa2854da4fd8
SHA1a699eafc9fab7025ad58f8bc8d50cd371abad3a2
SHA25603638028470a97ace3cd645bdc03db2c087979dde6b97b5e9f921514db9b5155
SHA512a94bfa7aaf4b11901a08e15c319b7c2cf203ab3f59796f99dac6f0f7714cdf6b1fec3908c525796e2bf93c97f8e61f3d7d7de4d2ea407c36f3f3466d5dce36a1
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
124KB