cfcc0b1ad26d30dec96f71344c4ce6fdfe7b8e1c15c41112f189dbff293fb35f

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7dde623d773dea5e2bd7200e1488b68.exe
Size

86KB
MD5

f7dde623d773dea5e2bd7200e1488b68
SHA1

424fd1c9d7404177eef5a309d28ce9e27085aecf
SHA256

cfcc0b1ad26d30dec96f71344c4ce6fdfe7b8e1c15c41112f189dbff293fb35f
SHA512

44291f02cd2faa502587a5f53b163f845f2e181cf0b97b77a3f04a508b6f0d1ff7488982866100899e3f395753376e532a7b4644e346c629f15daa6050fa4181
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjyaLccVNl6aB:V6a+pOtEvwDpjvp1

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	f7dde623d773dea5e2bd7200e1488b68.exe

Executes dropped EXE 1 IoCs

pid	Process
4076	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 4076	2672	f7dde623d773dea5e2bd7200e1488b68.exe	81
PID 2672 wrote to memory of 4076	2672	f7dde623d773dea5e2bd7200e1488b68.exe	81
PID 2672 wrote to memory of 4076	2672	f7dde623d773dea5e2bd7200e1488b68.exe	81

C:\Users\Admin\AppData\Local\Temp\f7dde623d773dea5e2bd7200e1488b68.exe
"C:\Users\Admin\AppData\Local\Temp\f7dde623d773dea5e2bd7200e1488b68.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:4076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
87KB

MD5
514f0a7a4bae3865c997218079e28477

SHA1
b7f816edbdbbc061cdd2e9dfeba00440c40656ae

SHA256
f819f47469d7c5473d6ce4f88a54f714f8e2e553246d6d0da0fbb64647c10f5e

SHA512
1be6cb5479153170d50973cdf4208e34ca98275dce82d7fa9b5462852f491ed7d5eddf894a64625b49fcb91b1b4f821a4788d9828af88bc4cfc3b18a16c0a81a

Download Submit
memory/2672-0-0x00000000007C0000-0x00000000007C6000-memory.dmp

Filesize
24KB

Download
memory/2672-1-0x00000000007E0000-0x00000000007E6000-memory.dmp

Filesize
24KB

Download
memory/2672-8-0x00000000007C0000-0x00000000007C6000-memory.dmp

Filesize
24KB

Download
memory/4076-17-0x00000000006D0000-0x00000000006D6000-memory.dmp

Filesize
24KB

Download
memory/4076-23-0x00000000006B0000-0x00000000006B6000-memory.dmp

Filesize
24KB

Download