d6cfb9d6c862be5a244eb5e4c6339312f74b7eb57cad8d08f56e3de0024b2bbc

Analysis

max time kernel
113s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
18-06-2024 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13e5872e9b7c47090e035dc228c5589f.exe
Size

424KB
MD5

13e5872e9b7c47090e035dc228c5589f
SHA1

c55a9708091f19b5fc5baf7c37beb99d8d3bf760
SHA256

d6cfb9d6c862be5a244eb5e4c6339312f74b7eb57cad8d08f56e3de0024b2bbc
SHA512

260671baa8f30e2364b21ab0a9cd3d8a104f76032ebfd3684150d8c318b9cb759b246ae8df25274e864053a6d55bdb77e028452b1d91999b37efc291f8ee815e
SSDEEP

6144:9O1rkNbOFsBuztTfSoRgxX+j14TGYoij7aR1XPQg9TU5YGmvST3h68BoKupOdCHP:3xBuBTExX+AoLzTUKdvST/BoKupOjUz

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

13e5872e9b7c47090e035dc228c5589f.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	13e5872e9b7c47090e035dc228c5589f.exe

Executes dropped EXE 3 IoCs

Processes:

Hkbsse.exeHkbsse.exeHkbsse.exe

pid process

4200 Hkbsse.exe
936 Hkbsse.exe
3436 Hkbsse.exe
Drops file in Windows directory 1 IoCs

Processes:

13e5872e9b7c47090e035dc228c5589f.exe

description ioc process

File created C:\Windows\Tasks\Hkbsse.job 13e5872e9b7c47090e035dc228c5589f.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
4200	Hkbsse.exe
936	Hkbsse.exe
3436	Hkbsse.exe

description	ioc	process
File created	C:\Windows\Tasks\Hkbsse.job	13e5872e9b7c47090e035dc228c5589f.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

13e5872e9b7c47090e035dc228c5589f.exe

description	pid	process	target process
PID 1976 wrote to memory of 4200	1976	13e5872e9b7c47090e035dc228c5589f.exe	Hkbsse.exe
PID 1976 wrote to memory of 4200	1976	13e5872e9b7c47090e035dc228c5589f.exe	Hkbsse.exe
PID 1976 wrote to memory of 4200	1976	13e5872e9b7c47090e035dc228c5589f.exe	Hkbsse.exe

C:\Users\Admin\AppData\Local\Temp\13e5872e9b7c47090e035dc228c5589f.exe
"C:\Users\Admin\AppData\Local\Temp\13e5872e9b7c47090e035dc228c5589f.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Users\Admin\AppData\Local\Temp\5641a448ac\Hkbsse.exe
  "C:\Users\Admin\AppData\Local\Temp\5641a448ac\Hkbsse.exe"
  2⤵
  - Executes dropped EXE
  PID:4200

C:\Users\Admin\AppData\Local\Temp\5641a448ac\Hkbsse.exe
C:\Users\Admin\AppData\Local\Temp\5641a448ac\Hkbsse.exe
1⤵
- Executes dropped EXE
PID:936

C:\Users\Admin\AppData\Local\Temp\5641a448ac\Hkbsse.exe
C:\Users\Admin\AppData\Local\Temp\5641a448ac\Hkbsse.exe
1⤵
- Executes dropped EXE
PID:3436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\124900551406

Filesize
74KB

MD5
f3bc35eaaa043b5f0001cf94e7c03381

SHA1
ffcea59daaf2df8cddb3e32d15dc0eee0cf66e13

SHA256
7c4650e899a24b149bc06be2b1345fdf46e425472c3d60971e2b4d268f97a9e2

SHA512
3345316da22a24a8268a11a7b23319b3717194fe08943f4dcfccfa1630bd676532b1d1663d582491d04aaee1c2547292d15a9f8d37aa8619a5c08f2872b957b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\5641a448ac\Hkbsse.exe

Filesize
424KB

MD5
13e5872e9b7c47090e035dc228c5589f

SHA1
c55a9708091f19b5fc5baf7c37beb99d8d3bf760

SHA256
d6cfb9d6c862be5a244eb5e4c6339312f74b7eb57cad8d08f56e3de0024b2bbc

SHA512
260671baa8f30e2364b21ab0a9cd3d8a104f76032ebfd3684150d8c318b9cb759b246ae8df25274e864053a6d55bdb77e028452b1d91999b37efc291f8ee815e

Download Submit