875e1c7dda5698b9ddf60e1e6acd89980836e6ada3b694d1cb0128d64c2aaa96

Analysis

max time kernel
141s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bdb2f74777cecd6ef14543619a90640.exe
Size

240KB
MD5

8bdb2f74777cecd6ef14543619a90640
SHA1

894182fe3bf8563cdefa1427d3bf601b0ec87a87
SHA256

875e1c7dda5698b9ddf60e1e6acd89980836e6ada3b694d1cb0128d64c2aaa96
SHA512

cc95792ec747046c15c7928d243d39033deb55683023815356871a92261560558ee3c67f48e9abd0a242740f2a2bedb07476d5ce23a1a465806d078733becc91
SSDEEP

6144:9ZyMeM8GKfnY3GCgc1Xz8FbCddDoxoec0aU4dh:9ZyMehG1cID8FbCddEaU4v

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	8bdb2f74777cecd6ef14543619a90640.exe

Loads dropped DLL 1 IoCs

pid	Process
2228	8bdb2f74777cecd6ef14543619a90640.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 4612	2228	8bdb2f74777cecd6ef14543619a90640.exe	90
PID 2228 wrote to memory of 4612	2228	8bdb2f74777cecd6ef14543619a90640.exe	90
PID 2228 wrote to memory of 4612	2228	8bdb2f74777cecd6ef14543619a90640.exe	90

C:\Users\Admin\AppData\Local\Temp\8bdb2f74777cecd6ef14543619a90640.exe
"C:\Users\Admin\AppData\Local\Temp\8bdb2f74777cecd6ef14543619a90640.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\mshta.exe
  "C:\Windows\System32\mshta.exe" C:\Users\Admin\AppData\Local\Temp\a587f991-e1c7-481c-9ca8-2f935b716484\start.hta
  2⤵
  PID:4612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3452,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:8
1⤵
PID:3944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a587f991-e1c7-481c-9ca8-2f935b716484\helper.dll

Filesize
129KB

MD5
657ba74033676394c0a83aff3b20dfe6

SHA1
5549483b4a695e45cfc280d63a2f1772abf9d441

SHA256
e0a685c4fa5b6947dc7f595b564bfe5ce4d07e38903d7a1ded4ef02de5e2b2f3

SHA512
8489484746fc06e1832990048147a0957fd710154f463f95e8bcfbf6390ade32fade1282870de635b9aa48b4fdbc0f0f75a133de13c2b42cb3fb4c9a1d97bb48

Download Submit
C:\Users\Admin\AppData\Local\Temp\a587f991-e1c7-481c-9ca8-2f935b716484\loader.gif

Filesize
1KB

MD5
e88ebd85dd56110ac6ea93fe0922988e

SHA1
684a31d864d33ff736234c41ac4e8d2c7f90d5ae

SHA256
379d1b0948f8e06366e7bcd197c848c0cc783787792f2224f98c16b974d920eb

SHA512
211b0760c9a887fc13c479617daeb6d5b6ee0ccd06c214967abd3e1f14204f72e34a6dd5eb778a9fc6ac7fc8bd63bdef80b347abab97becda16924cb3e164dc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\a587f991-e1c7-481c-9ca8-2f935b716484\start.hta

Filesize
1KB

MD5
db4ada697fa7a0e215281533d52578e9

SHA1
fb755ea8371edf5065dc53e21eb413603f9eba7f

SHA256
f949fd6ca734830572128b4348dfd039419140c7ef501d80773f71ca3f0ed78c

SHA512
9ba1d2658785dd3c88b4399132f8330dc58872235e19ca9854b0e453d8cc7a58de0c8be84da376a72b5851073f531c95b2c6afa84f43053561ca8e6751d6e2f3

Download Submit