Analysis
max time kernel: 149s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/05/2024, 18:31
Static task: static1
Behavioral task: behavioral1
  Sample: 070e722ff03fbbcd625e21d3d4fe7cce752cb86a4fb44bd7c919b48feb756aa5.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 070e722ff03fbbcd625e21d3d4fe7cce752cb86a4fb44bd7c919b48feb756aa5.exe
  Resource: win10v2004-20240508-en
General
Target: 070e722ff03fbbcd625e21d3d4fe7cce752cb86a4fb44bd7c919b48feb756aa5.exe
Size: 35KB
MD5: 93f06ceb4c5d61567c9804bffe2ea8c4
SHA1: 2411b1176ab0d8919134c5c722a7ba4f51257d57
SHA256: 070e722ff03fbbcd625e21d3d4fe7cce752cb86a4fb44bd7c919b48feb756aa5
SHA512: 9654355fed94a65f8db016e05687a1201e55f5103220f90603bd587a17ba792f29b7eac5b7a8e00d68bb1a196d9d32dfdc96cceaf283c7f3d260cada6b039424
SSDEEP: 384:cyWWYh7R7DDN/jSyC8MxBPwr1xeMNiQFU/9stq2uJOyw8iPkGA0vXB:UlhJFLSyC8aBCm/9ObuEBkGAyXB
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation
  Process: 070e722ff03fbbcd625e21d3d4fe7cce752cb86a4fb44bd7c919b48feb756aa5.exe
Executes dropped EXE (1 IoC)
  pid: 908
  Process: lccac.exe
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (3 IoCs)
  description                          pid   Process                                                                   procid_target
  PID 4600 wrote to memory of 908      4600  070e722ff03fbbcd625e21d3d4fe7cce752cb86a4fb44bd7c919b48feb756aa5.exe  83
  PID 4600 wrote to memory of 908      4600  070e722ff03fbbcd625e21d3d4fe7cce752cb86a4fb44bd7c919b48feb756aa5.exe  83
  PID 4600 wrote to memory of 908      4600  070e722ff03fbbcd625e21d3d4fe7cce752cb86a4fb44bd7c919b48feb756aa5.exe  83
Processes
C:\Users\Admin\AppData\Local\Temp\070e722ff03fbbcd625e21d3d4fe7cce752cb86a4fb44bd7c919b48feb756aa5.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\070e722ff03fbbcd625e21d3d4fe7cce752cb86a4fb44bd7c919b48feb756aa5.exe"
  PID: 4600
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\lccac.exe (child of PID 4600)
    Command line: "C:\Users\Admin\AppData\Local\Temp\lccac.exe"
    PID: 908
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
File 1
  Filesize: 316B
  MD5: faffc385707fbe7ff5f99ceab2f05ccd
  SHA1: 5c15e502f62b17672b019367ceedf147fb65c07c
  SHA256: e604825da52b2015e05983f5ed12eb5bcce27676b79235c2648d12eeb3850ba5
  SHA512: 12240617d12fa0a56a137153f8cad8457035bfa2effd77842e4c523d7ee95df0753bed38c73f17d9385e213840f9e7a395fd0fb0d5b209ab8176efd1a8dd7673
File 2
  Filesize: 321B
  MD5: 1034771cbebaca175ad05b4aaa42d594
  SHA1: 507ce43c2a79bcadc8e360d8a623f27d972bc699
  SHA256: bcfe416f86794d9971cba726412c8bc4e0de893d02b2e0959b286d8266ee989e
  SHA512: 88b89fd1d6ddb7f1bfd4f0604954ff4b5ed7a4ba698195077c1c7b24a8432c9e61904bdfcca7ed506e0efcf2b21bb62c3ffd19357231d10cd50c2fd46eb75c99
File 3
  Filesize: 35KB
  MD5: 00b0bbd89cac0411d2ac21b13a707e58
  SHA1: 1a425d910320affe0ea30a8348e0b8829c7fd317
  SHA256: c99147eeb381402cf8a4cb34594d80a7041b14beb032238d117967dfd422037c
  SHA512: 0d9e62627366170f699f3217a890221a1e6ac23996f93d86f6f73d8f799dd53e0d794149cbe95d9dd9e40f7d3af3c01c40d210de20b107af47dc3cae4a0de15a