Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16-05-2024 02:24
General
-
Target
b4f0731bb86b637b94e63ad020dbf717e3d95c98b5eab101a1dfe2a0e8b0844e.exe
-
Size
7KB
-
MD5
49fa3a424cd07ddb37a9b6d126811fd4
-
SHA1
302442a40938b576561aaec620fec573e1b3171d
-
SHA256
b4f0731bb86b637b94e63ad020dbf717e3d95c98b5eab101a1dfe2a0e8b0844e
-
SHA512
3aa650feef70422d7a731bda4b2d63e49d1075f9526c620cfc46faa7c645ab3211dc4c12750cb963a2169e6480cbe8171ef19581613d2cfb598e657100043fcb
-
SSDEEP
96:DJOqSXslYquHnnwR2UM2ClAhx/Jh8oeKcRgc1gqt:XS8AnwR2FBALJ2oeHRb1Dt
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b4f0731bb86b637b94e63ad020dbf717e3d95c98b5eab101a1dfe2a0e8b0844e.exe"C:\Users\Admin\AppData\Local\Temp\b4f0731bb86b637b94e63ad020dbf717e3d95c98b5eab101a1dfe2a0e8b0844e.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\huty.exe"C:\Users\Admin\AppData\Local\Temp\huty.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD5f25ef551875ee01f43aaf019da8634be
SHA1fa6db13810b336a26b208b2710f393bb1f88714e
SHA2564d71662e8d51e17273d3325dd5ffaa70be309368b6b65d73a40558b361693cbc
SHA512faaa8d923ff18479998342817ba83e2f888f8240a0f57b10ca255cc5e5e03bc37ffc8b61878939b613fa94f292fb565e92acf3cc4a11f51dca367c25d48f8e17