26f73dadbf12863e3d02213d80983a235ffb391ab88645e90bd4e13468110b69

Analysis

max time kernel
149s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26f73dadbf12863e3d02213d80983a235ffb391ab88645e90bd4e13468110b69.exe
Size

86KB
MD5

8c06231fe89d4cc4519a77a8e3bdb88f
SHA1

3a4e6c349adeea7ca85f50a57c6bff6d9e512665
SHA256

26f73dadbf12863e3d02213d80983a235ffb391ab88645e90bd4e13468110b69
SHA512

3af5c40cbd3125dd64af1221a2a97afa167c36b33d461a30c37fd1c69ae16e5b246fec49350f66fa5c67d8489ee1c0a085e60a908e292914492ea486e759ee93
SSDEEP

768:Lj+NMRv4SUM3UMHxyJPx4dQEvW39HQ/cUzJYZhbe0JsSF+NXjijVe4:P+NMFPRAPAI39HQkUzJYZhbpJrui

Score

9^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 6 IoCs

resource	yara_rule
behavioral2/memory/2760-0-0x0000000000400000-0x0000000000416000-memory.dmp	UPX
behavioral2/memory/2760-1-0x0000000000400000-0x0000000000416000-memory.dmp	UPX
behavioral2/memory/2760-3-0x0000000000400000-0x0000000000416000-memory.dmp	UPX
behavioral2/files/0x00070000000231db-9.dat	UPX
behavioral2/memory/2216-14-0x0000000000400000-0x0000000000416000-memory.dmp	UPX
behavioral2/memory/2216-16-0x0000000000400000-0x0000000000416000-memory.dmp	UPX

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation	26f73dadbf12863e3d02213d80983a235ffb391ab88645e90bd4e13468110b69.exe

Executes dropped EXE 1 IoCs

pid	Process
2216	Ikavapit.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2760-0-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/memory/2760-1-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/files/0x00070000000231db-9.dat	upx
behavioral2/memory/2216-14-0x0000000000400000-0x0000000000416000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2216	2760	26f73dadbf12863e3d02213d80983a235ffb391ab88645e90bd4e13468110b69.exe	97
PID 2760 wrote to memory of 2216	2760	26f73dadbf12863e3d02213d80983a235ffb391ab88645e90bd4e13468110b69.exe	97
PID 2760 wrote to memory of 2216	2760	26f73dadbf12863e3d02213d80983a235ffb391ab88645e90bd4e13468110b69.exe	97

C:\Users\Admin\AppData\Local\Temp\26f73dadbf12863e3d02213d80983a235ffb391ab88645e90bd4e13468110b69.exe
"C:\Users\Admin\AppData\Local\Temp\26f73dadbf12863e3d02213d80983a235ffb391ab88645e90bd4e13468110b69.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Users\Admin\AppData\Local\Temp\Ikavapit.exe
  "C:\Users\Admin\AppData\Local\Temp\Ikavapit.exe"
  2⤵
  - Executes dropped EXE
  PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Ikavapit.exe

Filesize
86KB

MD5
b23a49f019df88d2fd22c704ad590a09

SHA1
b2119ed19f363358b1445840c1421f3c8a90c4c5

SHA256
74de1c9687aea2e917d57db1df335aed1497129780a617d0f21d3542ad4e7c72

SHA512
0bc62ef340c8b138522b58833ed0c2511fe5c537903d4d32c5ed28fdc27596805b32dcba5ce051cc983f34044ff743256ffa6b1687a86a58ca1d985549d6ad97

Download Submit
memory/2216-14-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2216-16-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2760-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2760-1-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2760-3-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2760-4-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download