Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
07/05/2024, 19:06
General
-
Target
lolek.exe
-
Size
72KB
-
MD5
a769607124f1a9f833a308ff79276f6d
-
SHA1
9a05a188005484a3290c3898c054914f5fd9deb5
-
SHA256
c095a2a027fc3ef6a2e1ef7b44ff20fc97f8ea5e1963443d6de2b8e99f1e9ff5
-
SHA512
38140537c928fe54f6d8ba7f69da02b0698f55e86e68a9425b0ae3f8d641ba099dc770bcd81ad6354e4103150267787e963196eb0ee969fa13dc978816118754
-
SSDEEP
768:ujxovAnvqLQ0TJTIJ4TxwU8X5P4OXeZwlAqZE+BWi+rX00pqB7iB9c14H7xHQzoU:GxkAni0GTlyywlA/tX5AJ4bQoU
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\lolek.exe"C:\Users\Admin\AppData\Local\Temp\lolek.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\i6.bat" "2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
173B
MD50f8f70e88009593eefaa155a8e31b1d6
SHA1eabcc3f2135e0919e9456da0a4b1084f3382d4b6
SHA256941c169c07670650fc6c6148c1cae068b69bac209e05010594e164aafc7cdf8b
SHA51294df468b963f3c9d133a25e1ffa57039fac01fe960f0f738552ca6440e6242ff48d0b410fe70dd05a62e4842c925c9f2b0220ca9eb9cb4ff5490ada443c9a750
-
Filesize
3B
MD5a5ea0ad9260b1550a14cc58d2c39b03d
SHA1f0aedf295071ed34ab8c6a7692223d22b6a19841
SHA256f1b2f662800122bed0ff255693df89c4487fbdcf453d3524a42d4ec20c3d9c04
SHA5127c735c613ece191801114785c1ee26a0485cbf1e8ee2c3b85ba1ad290ef75eec9fede5e1a5dc26d504701f3542e6b6457818f4c1d62448d0db40d5f35c357d74