427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87

Analysis

max time kernel
94s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 11:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe
Size

7.2MB
MD5

6e56b0c607945bc685ebaf08c50fd3ca
SHA1

ecede79fb482e104c454a7a593754b1dc8372541
SHA256

427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87
SHA512

4ae9d1a5df06597a2f5d7c81212825c3bd11225d34341acae64f464ee5a6407295304bc31064b38857256e9f4021c730b3c79d08ed66fa8ed8dfa008c55522ae
SSDEEP

196608:XzhPTYqOMQe9VoNDp6NHqaJ1LDZpZ3NjSlQUIn8zK9m9f3:XzhbYnMQe9kDCKaJhx3N5Uh4u

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation	427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe

Executes dropped EXE 1 IoCs

pid	Process
5104	427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5104	427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe
5104	427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe
5104	427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe
5104	427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 5104	4908	427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe	80
PID 4908 wrote to memory of 5104	4908	427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe	80
PID 4908 wrote to memory of 5104	4908	427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe	80

C:\Users\Admin\AppData\Local\Temp\427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe
"C:\Users\Admin\AppData\Local\Temp\427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Users\Admin\AppData\Local\Temp\e573642\427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe
  run=1 shortcut="C:\Users\Admin\AppData\Local\Temp\427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e573642\427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87.exe

Filesize
7.2MB

MD5
6e56b0c607945bc685ebaf08c50fd3ca

SHA1
ecede79fb482e104c454a7a593754b1dc8372541

SHA256
427977a037b5459c8e38d3857ef8eb5865fe22274e493724e2f930c053ec5a87

SHA512
4ae9d1a5df06597a2f5d7c81212825c3bd11225d34341acae64f464ee5a6407295304bc31064b38857256e9f4021c730b3c79d08ed66fa8ed8dfa008c55522ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5737ab\CheckUpdate.html

Filesize
2KB

MD5
2279aba4e0924b43210a923f27dee74a

SHA1
3085a2ef815e524ad791e12fa5a61c191995352d

SHA256
381093db4976b729c2c78a6be0bfb610b79624d5f2cba2c3fff25df6fea27550

SHA512
a7f569b61077e9e8bdb3117cb4f74ea3ca10245ddf5cf1320636d33bc7c2076e31d6a9f7b8399adac0cc97b168aa736084fceadfe88118162587361dbe3c230f

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5737ab\Load.html

Filesize
1KB

MD5
2b56b67e00a98d374c1bc71a4dc0d088

SHA1
205c8239c1603c00459ac9ff1d33a99bbdd20ea0

SHA256
d67af39a65019ed6ccdb8038f724be4f565d6770244a6c3d938a50124968c01c

SHA512
1e16fcf053d315f5de8fcd88fcd24c5429bb333bfa4d473a79dff60d381d8410414d71d12285326541fc1cc2ef90c921f5fc85bf465695f1f23c99ffd70fa5c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5737ab\js\contents.js

Filesize
54KB

MD5
c83d0880b585ea23dffbc3e071f38273

SHA1
84b4d53df65b8d9bf256adf63df3770678882fa9

SHA256
ed184c45bac222fd4a1fcf081aaabc27296bd1f1e0d6ecaf87845acbb2c4cd05

SHA512
52878c441aa58aacab6b3ff84824cef3403f49e07ed781fa44cd6e345fa289a25d89ac9f180058d11ce099408c1933f6aa1047b2173967798674c6246f77c2d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5737ab\js\external.js

Filesize
34B

MD5
01b324eac445a222772cca54bfe616f3

SHA1
c209fcd7c1b52d810ad9588d4be8430b268db419

SHA256
d7db605d0a1b154a5344113782a2f8ec5ff48684bc08a1b9bce38bec4d005d42

SHA512
3e0a5e1edf6e539544815aae6cac790fa8c49658251cbbd9557eb39eb3ae4a474aa909fc104404f89e53a55d8a0cb00720b3085ac299e6c8d1ab73614feba1c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5737ab\js\installerlist.js

Filesize
693KB

MD5
03d8ae4b163070506dc7704f8500efb7

SHA1
fd0ced50a6806db544ab158170c11f550354c2e5

SHA256
ed68ea1ae29b906a379a887115509e6d9edf288061397af2aad2c19ce1e8fed9

SHA512
a3326da4c626eee2e686564edfacb458ad25e85a08402aab5ea7de76c8797a5b94a7c494cc130b176c6d8cbf7722aa76ca6942831e647b39527066f6c5b6fc5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5737ab\js\installerlist.js

Filesize
1.2MB

MD5
8e84ff846d26f7eee5fb04d7622c2595

SHA1
65c87428e1acb9038fe37e5f6a0b4a2b2f7bc336

SHA256
68d801baed804093025e05d3a03b2ed0ce3a0884979e1dca8ee83be324ce0f7f

SHA512
4e049de86c78d2d924ad6bef7657a32a65801979489b0190957f4b75cba8c29bbfb960a68df525b87ad83e1aa386277e5dff6895c87409e02908939997b14abe

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5737ab\js\installparams.js

Filesize
648B

MD5
cf1ed387a124f8962247a7d17701617d

SHA1
8f7078141cb555b81ae5dcf4799924190205af2d

SHA256
665e426d42ecc20b8a698990993843f5d5006ed6dd7c1a0780c76c1c3518f8b4

SHA512
4eac37156fd0a92d43be008fe9c82304cd17248bef739c555f6b71bc3f9576f211e48a04ae7e70bada164dd05dfaeec769f3b29e935502eeb145289d709120b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5737ab\js\jquery-1.11.2.min.js

Filesize
93KB

MD5
9aecea3830b65ecad103ee84bd5fe294

SHA1
47ecdf62eb3cf45ba4867846cb61afa70369d23a

SHA256
a271a3f9e3cae897ced669d6652699e947928ef095e56384c4f9dd04bbb942ec

SHA512
754c25b5fc6a3e5d2027326c6814f229f9131396ea026a407dd16d092da6116bb0ee8971417463ba68268098dedc182b6fa10060ddda6ce063a5eca94be3c152

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5737ab\js\stubparams.js

Filesize
98KB

MD5
fe324e4f0fe3ade21276286e99929185

SHA1
3b75be56fbf7ba815bc2775c638a66531f7e6c20

SHA256
3b3ff1e2711ee4da996d0a1b64693784e1b8e94ae9094ffe2c7602989658043c

SHA512
602c4651952058b565e007e783c796f9fa5b40e2fd00ccb7affebae069867775bb379a038419b586173484085c0f35aafb581d0c7b04730cc671135a6df74ef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5737ab\js\stubparams2.js

Filesize
216B

MD5
39a0a5019309ca5c180bbad7187c205b

SHA1
ea10da6c7b777a19f2e8403a2a992bb2a8b69b71

SHA256
6c0021efd43e3e65bb0923a71d79d4967fab0fa3e4aedd1cad73e96d61587ff2

SHA512
7f86877b8008e883a3ab4842978f3b6685c38c4fe1e7b108b5eed194f0167cfc97fdf8d9604e893e89d3437ec2186d52cc72885153a81410eb98274bac89bc68

Download Submit