e4f672683b00a45ae646ee796691cce4f779a9e9817e610c2b024ee3270bd259

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 21:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e4f672683b00a45ae646ee796691cce4f779a9e9817e610c2b024ee3270bd259.exe
Size

153KB
MD5

1a6ed4664d54cdd8fb78f8018f208c2d
SHA1

9d5e914358f57003a1361c0e2c808744c916f0c8
SHA256

e4f672683b00a45ae646ee796691cce4f779a9e9817e610c2b024ee3270bd259
SHA512

6f9a3bc043755495ca072470173f0eeec1823e8a4b04426508c6b909ce9c3007deeb2ce554762314b81839e6c2087a366e9f8ede61c0cc38051510969a6e0caf
SSDEEP

3072:Ntbqvi9nMKxQbZ5x66EfACsxfcYvQd2OejE:Nt2vsx+AV4LfLOqE

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation	e4f672683b00a45ae646ee796691cce4f779a9e9817e610c2b024ee3270bd259.exe

Executes dropped EXE 1 IoCs

pid	Process
624	biudfw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 624	2236	e4f672683b00a45ae646ee796691cce4f779a9e9817e610c2b024ee3270bd259.exe	90
PID 2236 wrote to memory of 624	2236	e4f672683b00a45ae646ee796691cce4f779a9e9817e610c2b024ee3270bd259.exe	90
PID 2236 wrote to memory of 624	2236	e4f672683b00a45ae646ee796691cce4f779a9e9817e610c2b024ee3270bd259.exe	90
PID 2236 wrote to memory of 1640	2236	e4f672683b00a45ae646ee796691cce4f779a9e9817e610c2b024ee3270bd259.exe	91
PID 2236 wrote to memory of 1640	2236	e4f672683b00a45ae646ee796691cce4f779a9e9817e610c2b024ee3270bd259.exe	91
PID 2236 wrote to memory of 1640	2236	e4f672683b00a45ae646ee796691cce4f779a9e9817e610c2b024ee3270bd259.exe	91

C:\Users\Admin\AppData\Local\Temp\e4f672683b00a45ae646ee796691cce4f779a9e9817e610c2b024ee3270bd259.exe
"C:\Users\Admin\AppData\Local\Temp\e4f672683b00a45ae646ee796691cce4f779a9e9817e610c2b024ee3270bd259.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\biudfw.exe
  "C:\Users\Admin\AppData\Local\Temp\biudfw.exe"
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
  2⤵
  PID:1640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\biudfw.exe

Filesize
153KB

MD5
c481695ad4573837fdbcb7561f3722a9

SHA1
873e40578aca8650c9b23bf60973f18ff3acade2

SHA256
2fee426f923b7ae669064b7191bd81453ed1394c5a646c0fec0cd9ab28f1b91d

SHA512
eb4ca0b60bb67d45e6c5ee97d17247ca4f42829a5bc2cdfae5b76fdbf009f9c73d7a330a5245d826ef6426b23e3c09a8918749a73880fa2ad6763a1f5d526732

Download Submit
C:\Users\Admin\AppData\Local\Temp\golfinfo.ini

Filesize
512B

MD5
2930c042c9ee5e07f321f2134a0c7edc

SHA1
ee39f41eaf6ce3c8d917a89e65959414ae0088e6

SHA256
a328475bbb730da292b83ed6cabbdbfc0616f042296f0c6fa356c5368ffc1309

SHA512
2da91d5effc116d8c8661c2a99f1d9c2aaffda0f776551dc7ad1911fdb2765591e5b441b9a1fe0090bcda8ed24d180b563ed2c127676cf1de40001e4b15b5506

Download Submit
C:\Users\Admin\AppData\Local\Temp\sanfdr.bat

Filesize
338B

MD5
884f6746d67dde2e4542491fa1e1ceea

SHA1
7cb0cf4dbd5168cbae9fff92a95ce7a07feba97e

SHA256
44e869d448c45a0cc26afffb719c5928c4e44087906f3b5a99c2faba802a841e

SHA512
c905df1c4e6724938d37703dbadd30121a4edb4a2cabd60bf4a6ea74f04cd140d1f62d6c8c2895407ed08842e6c766ea484ad65f8dba45e553ec9da862148aa7

Download Submit