Resubmissions

05-09-2023 01:34

230905-by5lrsch46 10

Analysis

  • max time kernel
    140s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-05-2024 01:20

General

  • Target

    d92b5b079600e4b7db2b17374ce0f2e20e077a28f9275c5054b857de09377745.exe

  • Size

    2.4MB

  • MD5

    871437c5f018c4fe1dc51e8a92ee2278

  • SHA1

    437ef6aac1ecb9b8c52f3e3a8161404e2ab88698

  • SHA256

    d92b5b079600e4b7db2b17374ce0f2e20e077a28f9275c5054b857de09377745

  • SHA512

    67e75646861267120b6760e3d85d7012626282e0cfcfa6974d48f17fc5e00356e542c9c38293fbb29b7770033db9489eb98fd0caffe7ea04dfd4186eafdb4081

  • SSDEEP

    49152:rLLqnWBq9t/saLUwE1MTck6+UuNkKY2HjbgqNOXu149N/Qg1xYF:riLts8+1MTcENJY6joh1xs

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d92b5b079600e4b7db2b17374ce0f2e20e077a28f9275c5054b857de09377745.exe
    "C:\Users\Admin\AppData\Local\Temp\d92b5b079600e4b7db2b17374ce0f2e20e077a28f9275c5054b857de09377745.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" -U /s 883c9DGW.5
      2⤵
      • Loads dropped DLL
      PID:2044

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\883c9DGW.5

    Filesize

    2.1MB

    MD5

    bc2c32e53a85a89cf9e3328a980a1c37

    SHA1

    fcbfe0bce8b255df14fe911a05a43aa23b22d710

    SHA256

    3e1118bbc0450d6def003c209962eb29d2f7622b578c94089b7023786fecfb97

    SHA512

    0c1de5c89e3f026287ad96f08a7e4e9973b4ce95efa516135ddd00df40611cc4d8c7234d95422ee5e8794a83b60a6bf22b6ed88b09807fdc2290ac087b8dd440

  • memory/2044-4-0x0000000000400000-0x0000000000619000-memory.dmp

    Filesize

    2.1MB

  • memory/2044-6-0x0000000002B20000-0x0000000002B26000-memory.dmp

    Filesize

    24KB

  • memory/2044-7-0x0000000002B30000-0x0000000002C2C000-memory.dmp

    Filesize

    1008KB

  • memory/2044-8-0x0000000002F90000-0x0000000003073000-memory.dmp

    Filesize

    908KB

  • memory/2044-11-0x0000000002F90000-0x0000000003073000-memory.dmp

    Filesize

    908KB

  • memory/2044-12-0x0000000000400000-0x0000000000619000-memory.dmp

    Filesize

    2.1MB

  • memory/2044-13-0x0000000002F90000-0x0000000003073000-memory.dmp

    Filesize

    908KB

  • memory/2044-14-0x0000000003080000-0x0000000004351000-memory.dmp

    Filesize

    18.8MB

  • memory/2044-15-0x0000000004360000-0x0000000004437000-memory.dmp

    Filesize

    860KB

  • memory/2044-16-0x0000000004440000-0x000000000451C000-memory.dmp

    Filesize

    880KB

  • memory/2044-19-0x0000000004440000-0x000000000451C000-memory.dmp

    Filesize

    880KB

  • memory/2044-20-0x0000000000CE0000-0x0000000000CE1000-memory.dmp

    Filesize

    4KB

  • memory/2044-21-0x0000000000CF0000-0x0000000000CF4000-memory.dmp

    Filesize

    16KB