Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-05-2024 01:03

General

  • Target

    0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb.exe

  • Size

    5KB

  • MD5

    a6edc88e45cdddefc02dcaaa6c0ffc2f

  • SHA1

    37ccc25cc0e31a3d26047b13886b2c2072081cc5

  • SHA256

    0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb

  • SHA512

    6a890cb1c1a1e2a2ab87604a64ed4d3e2e922fd5753dea55155e0daf3d469388d9631ba5f8cc5f2cae44f178735029952374bdea480481f14988484f274c05e6

  • SSDEEP

    48:6pTlYrITctYG+vLHmCyYfJyMmw9jAUzEVnQBG/RACalGUbw2CS7DD:mBLYtOvLGazZ6wAnQWRRUbw2CqD

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Reads the country code configured in the registry, likely a geofence check.

  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb.exe
    "C:\Users\Admin\AppData\Local\Temp\0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3516
    • C:\Users\Admin\AppData\Local\Temp\denis.exe
      "C:\Users\Admin\AppData\Local\Temp\denis.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1992
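The process tree above is the classic dropper pattern: the submitted sample reads the location setting, writes a second executable into the same %TEMP% directory, launches it, and the dropped file is then deleted. The following is an added example, not part of the sandbox report or of the sample, showing how those raw events correlate into the signature names the report uses. The event shape (kind, pid, ppid, path, registry value name), the parent PID 2200 and the registry key `HKCU\Control Panel\International\Geo` \ `Nation` being what the "Checks computer location settings" signature looks for are assumptions; the PIDs and paths are taken from the report.

```python
"""Correlate constructed sandbox/EDR events into the report's signature names.

Added example, not code from the sandbox vendor or the sample. The event
model below is an assumption: a minimal shape that process-start, file-write,
file-delete and registry-read telemetry would be mapped into.
"""
from dataclasses import dataclass

# Windows stores the user's "Country or region" setting here; reading the
# Nation value is the usual geofence lookup (assumption: this is the key behind
# the report's "Checks computer location settings" signature).
GEO_KEY = r"HKCU\Control Panel\International\Geo"
TEMP_DIR = r"c:\users\admin\appdata\local\temp"


@dataclass
class Event:
    kind: str        # "process", "file_write", "file_delete" or "reg_read"
    pid: int
    path: str = ""   # image path, file path or registry key
    ppid: int = 0    # parent PID, only for "process" events
    value: str = ""  # registry value name, only for "reg_read" events


DROPPER = r"C:\Users\Admin\AppData\Local\Temp\0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\denis.exe"

# Constructed telemetry mirroring the report's process tree. PPID 2200 is made
# up; the sandbox does not show the launcher of the submitted sample.
SAMPLE_EVENTS = [
    Event("process", 3516, DROPPER, ppid=2200),
    Event("reg_read", 3516, GEO_KEY, value="Nation"),
    Event("file_write", 3516, DROPPED),
    Event("process", 1992, DROPPED, ppid=3516),
    Event("file_delete", 1992, DROPPED),
]


def triage(events):
    """Return {signature: sorted PIDs} plus 'chains', the ancestry of every
    process that ran a file written by its own parent (child first)."""
    image = {}       # pid -> lowercase image path
    parent = {}      # pid -> ppid
    written = set()  # (writer pid, lowercase path) of .exe files written
    hits = {
        "checks_location": set(),
        "drops_exe_in_temp": set(),      # added rule, not a report signature
        "executes_dropped_exe": set(),
        "deletes_itself": set(),
    }
    chains = {}
    for e in events:
        p = e.path.lower()
        if e.kind == "process":
            image[e.pid], parent[e.pid] = p, e.ppid
            # "Executes dropped EXE": the image was written earlier by the parent.
            if (e.ppid, p) in written:
                hits["executes_dropped_exe"].add(e.pid)
                chain, cur = [], e.pid
                while cur in parent:      # walk up through known processes
                    chain.append(cur)
                    cur = parent[cur]
                chain.append(cur)         # first PID outside the telemetry
                chains[e.pid] = chain
        elif e.kind == "file_write" and p.endswith(".exe"):
            written.add((e.pid, p))
            if p.startswith(TEMP_DIR + "\\"):
                hits["drops_exe_in_temp"].add(e.pid)
        elif e.kind == "reg_read" and p == GEO_KEY.lower() and e.value.lower() == "nation":
            hits["checks_location"].add(e.pid)
        elif e.kind == "file_delete":
            # A running image usually cannot be unlinked by itself on Windows, so
            # the delete is often issued by a helper (cmd /c del) or after exit;
            # credit whichever process's image matches the deleted path.
            for pid in (e.pid, parent.get(e.pid)):
                if pid is not None and image.get(pid) == p:
                    hits["deletes_itself"].add(pid)
                    break
    result = {k: sorted(v) for k, v in hits.items()}
    result["chains"] = chains
    return result


if __name__ == "__main__":
    for name, pids in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {pids}")
```

Run against the constructed events, `triage` attributes the location check and the %TEMP% drop to PID 3516, the dropped-EXE execution and the self-delete to PID 1992, and reports the chain 1992 -> 3516 -> 2200, which is the same attribution the report shows under each process.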

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\1305UKdw[1].htm

    Filesize

    278B

    MD5

    9fa1cef991fe6e8541a0c8fb5aa3a5b9

    SHA1

    59851a273d54ea0d43eccd328cfa594e14f7a352

    SHA256

    98fce9f1f8d8acce3e1c12cd42d8466d57b54ce3d78160229a0f58d7091bbbfa

    SHA512

    a007ef97dd8fcf2b09ceca0f56948e06fa53f86833436d5b1915dd9b622d797fd1b1a65f33ea9c46931cbda1b921ace8b66ac5713beded0c4ef56e279eb35134

  • C:\Users\Admin\AppData\Local\Temp\denis.exe

    Filesize

    5KB

    MD5

    59c69e80813ccfb47a1e0664b6daed4e

    SHA1

    5e8eab93edc36f310f57f8839a99921f4dfaa86c

    SHA256

    79e958347934d15783b07e4a2ef9d3036ba7686bdeb95b019211b5e56154cbc0

    SHA512

    25bd964002087e9e5be8c6c42e4d336d6499fbb5644657912a38c3a6818494726ba94dd7704fffa921c39418396aab31bb321f53812e7274f4cf69ea06154bf7