Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-05-2024 19:48

General

  • Target

    24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe

  • Size

    1.9MB

  • MD5

    83a5cbe75e78ad4c7232f85a4fe0833f

  • SHA1

    256a83a9c745a4b4d648654a5b97a529f2f463b4

  • SHA256

    24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c

  • SHA512

    66966ad48a27f013d6f53386baf00b70d2afc9fbdb0dc98e628928e9066a41a8da497b572b18e384d8d08d42f2fa2be2adaf1f0388b6acc2aa1811b2d540dd14

  • SSDEEP

    49152:jmoGDPt1mEQJPA8cIZ3eXx5g5R6xKAgAU5Km:jmoSEEQDJZExiHoKAlm

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe
    "C:\Users\Admin\AppData\Local\Temp\24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3632
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" A8~c.D5 -S
      2⤵
      • Loads dropped DLL
      PID:3648

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A8~c.D5

    Filesize

    1.6MB

    MD5

    a90cf2c636dffdc2ec408a9fd2f7b04a

    SHA1

    075caa3aebf7db028e4837e5c2410c23bff36941

    SHA256

    ffd1fe1370139c864cf73782196643c748bd596080cafc20faedd3cda5c9e916

    SHA512

    4e41ea89c56e74382367ecee8b2208c1ef6235da53e729e630dff214838c68fe30f7a853a787e7db100a8b6033483494a135146da43b0e1ed3807bf653cb3080

  • memory/3648-5-0x0000000010000000-0x0000000010198000-memory.dmp

    Filesize

    1.6MB

  • memory/3648-4-0x00000000009E0000-0x00000000009E6000-memory.dmp

    Filesize

    24KB

  • memory/3648-7-0x00000000029C0000-0x0000000002ADD000-memory.dmp

    Filesize

    1.1MB

  • memory/3648-8-0x0000000002AE0000-0x0000000002BE1000-memory.dmp

    Filesize

    1.0MB

  • memory/3648-9-0x0000000002AE0000-0x0000000002BE1000-memory.dmp

    Filesize

    1.0MB

  • memory/3648-11-0x0000000002AE0000-0x0000000002BE1000-memory.dmp

    Filesize

    1.0MB

  • memory/3648-12-0x0000000010000000-0x0000000010198000-memory.dmp

    Filesize

    1.6MB

  • memory/3648-15-0x0000000002AE0000-0x0000000002BE1000-memory.dmp

    Filesize

    1.0MB

  • memory/3648-16-0x0000000002BF0000-0x000000000469D000-memory.dmp

    Filesize

    26.7MB

  • memory/3648-17-0x00000000046A0000-0x0000000004794000-memory.dmp

    Filesize

    976KB

  • memory/3648-18-0x00000000047A0000-0x0000000004892000-memory.dmp

    Filesize

    968KB

  • memory/3648-21-0x00000000047A0000-0x0000000004892000-memory.dmp

    Filesize

    968KB

  • memory/3648-22-0x00000000008C0000-0x00000000008D1000-memory.dmp

    Filesize

    68KB

  • memory/3648-23-0x00000000554C0000-0x0000000055511000-memory.dmp

    Filesize

    324KB