Overview

overview

8

Static

static

3

RUSSKAYA-GOLAYA.exe

windows7-x64

8

RUSSKAYA-GOLAYA.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    83s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/04/2024, 11:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RUSSKAYA-GOLAYA.exe

  • Size

    239KB

  • MD5

    3730b5f97b072915e3543161c40f31a5

  • SHA1

    cf9d927d863408c27eb855b1f213a3be692848b2

  • SHA256

    f6995a80e724cd266992ce7b856085a54e8567466ca1dbe8c3eba8977eb70b9c

  • SHA512

    fa0404bed565520dbc58b1f3b5abd0026ed3979eaaf736811bbed1e1e2523770bfd8b80c01faabf6f57b486e246b0bbcbe009098d27b2c081f8afef8c4f9d0d1

  • SSDEEP

    3072:mBAp5XhKpN4eOyVTGfhEClj8jTk+0hB+iwDomG0Ej+Cgw5CKH6:dbXE9OiTGfhEClq9Q+pD7G0VJJU6

Score
8/10
discovery

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Drops file in Drivers directory 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 17 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RUSSKAYA-GOLAYA.exe
    "C:\Users\Admin\AppData\Local\Temp\RUSSKAYA-GOLAYA.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\suda nana stavit etot soft\111 222 333 444 555\make_it_now_nuce.bat" "
      2⤵
      • Drops file in Drivers directory
      • Drops file in Program Files directory
      PID:5052
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\suda nana stavit etot soft\111 222 333 444 555\Tosupportprofessionalssucas.vbs"
      2⤵
      • Drops file in Drivers directory
      PID:748
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\suda nana stavit etot soft\111 222 333 444 555\DbIwillencouragimprovementsin.vbs"
      2⤵
      • Blocklisted process makes network request
      PID:3252

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\suda nana stavit etot soft\111 222 333 444 555\DbIwillencouragimprovementsin.vbs
    Filesize

    165B

    MD5

    58b23bb8d3cc6122cca4b8fda6fc6d95

    SHA1

    9b110d3a2ebae69b86b6acf57a0db7b26983ff2e

    SHA256

    dcb69be9267912859c9b524dbcc219fd90b2e861a27cc044c6007ad7d0ad79e6

    SHA512

    c818f840e080d194027290bbd7b22b57dd7b02c6a2bf68d6fde101c014d44cfa6c28bb0dea63bebb8165ed7e53f9273ec1ba4b86c03879bdba64e83415713975

    Download Submit

  • C:\Program Files (x86)\suda nana stavit etot soft\111 222 333 444 555\Tosupportprofessionalssucas.educators
    Filesize

    718B

    MD5

    1e62673f38aa090d56fbabb92edd00f9

    SHA1

    dc87bb0294e1c7c80331d77b51d5532b5edfcf75

    SHA256

    3b356fd93c5212d3370f267c8a8aa9e216c0310d8ef659c9c039882a0f482180

    SHA512

    39e710b486210a82aee45a0c996a92a93defe40bbfe6f9a33ff64258910eb99a8a077f9e1f74e0ad5547cb9a5a621d13a5584b1de373ee4f974392c0dd394217

    Download Submit

  • C:\Program Files (x86)\suda nana stavit etot soft\111 222 333 444 555\Welcometothenew.home
    Filesize

    117B

    MD5

    fe39de114462acf258914b91d212ad17

    SHA1

    64ec11557aa6dec81d19f8bb367651de31f5da64

    SHA256

    e31dd67c395263da489405007e2a74a08c9cabb7aed09364a3ae90794cf6f401

    SHA512

    1a0d56e4749029515526cdbe9d87229d23dfa8d0c9dea72fda2b593bf3edafd92724af5277006a9167c940c5511ddd4e5019d9c0d7233aa8ecec20a3d16fb903

    Download Submit

  • C:\Program Files (x86)\suda nana stavit etot soft\111 222 333 444 555\make_it_now_nuce.bat
    Filesize

    2KB

    MD5

    4ef391f7bc0c349d62c793b066130e77

    SHA1

    a7ce780119875d02868fadc733ce15287974cba3

    SHA256

    2192bd53a1f1139564c0e07f3257d6fcb29adc6fb37e472bc392bed221b5e88c

    SHA512

    fff96f24aec4c844f6d830f81f6c1da9e91582ec3d39fbf1916fe2a4d94335252eb6606d52d28e5d704e2ece4022b81fa0c9f0ae07a4f18d719715a6354e1a2d

    Download Submit

  • C:\Windows\System32\drivers\etc\hosts
    Filesize

    1KB

    MD5

    435d5b9ac8adeb9d27fad84bf5303c6b

    SHA1

    bde744ec28854dae3189115a948db25c2e21a886

    SHA256

    8c2c870afff5c4585252a9bc7675674b5756f316bb2bd0d63c09ee07972ea411

    SHA512

    4460ee340753053374c72342d5f0878fc30a1f10d4cbde5b55440932479ab35d42487af08a27703dcf06dedf875b25ec9a888974f8adeee3243afd2f9425cb8e

    Download Submit

  • memory/2964-46-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2964-48-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download