fa6aa0dd992228ace8364ddfe1df64c539ee82217fe36710e5882f62dc9868d7

Analysis

max time kernel
113s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

993609639C915D36F2821BAD869A17D4.exe
Size

424KB
MD5

993609639c915d36f2821bad869a17d4
SHA1

899988523cc0bde90c28889a5e32b273757915ac
SHA256

fa6aa0dd992228ace8364ddfe1df64c539ee82217fe36710e5882f62dc9868d7
SHA512

147b9272265b9a5edea8b1f54b37dd95e8380ba461233bb476612ff48016ae752b2cbfa31d3bf87a6f404469eae6c90392c652f19720b4531b78e648b7b58f32
SSDEEP

6144:6O1rkNbOFsBuztTfSoRgxX+j14TGYoij7aR1XPQg9TU5YGmvST3h68BoKupOdCHU:axBuBTExX+AoLzTUKdvST/BoKupOjHz

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

993609639C915D36F2821BAD869A17D4.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	993609639C915D36F2821BAD869A17D4.exe

Executes dropped EXE 3 IoCs

Processes:

Hkbsse.exeHkbsse.exeHkbsse.exe

pid process

1664 Hkbsse.exe
416 Hkbsse.exe
1088 Hkbsse.exe
Drops file in Windows directory 1 IoCs

Processes:

993609639C915D36F2821BAD869A17D4.exe

description ioc process

File created C:\Windows\Tasks\Hkbsse.job 993609639C915D36F2821BAD869A17D4.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
1664	Hkbsse.exe
416	Hkbsse.exe
1088	Hkbsse.exe

description	ioc	process
File created	C:\Windows\Tasks\Hkbsse.job	993609639C915D36F2821BAD869A17D4.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

993609639C915D36F2821BAD869A17D4.exe

description	pid	process	target process
PID 2492 wrote to memory of 1664	2492	993609639C915D36F2821BAD869A17D4.exe	Hkbsse.exe
PID 2492 wrote to memory of 1664	2492	993609639C915D36F2821BAD869A17D4.exe	Hkbsse.exe
PID 2492 wrote to memory of 1664	2492	993609639C915D36F2821BAD869A17D4.exe	Hkbsse.exe

C:\Users\Admin\AppData\Local\Temp\993609639C915D36F2821BAD869A17D4.exe
"C:\Users\Admin\AppData\Local\Temp\993609639C915D36F2821BAD869A17D4.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2492

C:\Users\Admin\AppData\Local\Temp\263c5c4d73\Hkbsse.exe
"C:\Users\Admin\AppData\Local\Temp\263c5c4d73\Hkbsse.exe"
2⤵
- Executes dropped EXE
PID:1664

C:\Users\Admin\AppData\Local\Temp\263c5c4d73\Hkbsse.exe
C:\Users\Admin\AppData\Local\Temp\263c5c4d73\Hkbsse.exe
1⤵
- Executes dropped EXE
PID:416

C:\Users\Admin\AppData\Local\Temp\263c5c4d73\Hkbsse.exe
C:\Users\Admin\AppData\Local\Temp\263c5c4d73\Hkbsse.exe
1⤵
- Executes dropped EXE
PID:1088

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\263c5c4d73\Hkbsse.exe
Filesize
424KB

MD5
993609639c915d36f2821bad869a17d4

SHA1
899988523cc0bde90c28889a5e32b273757915ac

SHA256
fa6aa0dd992228ace8364ddfe1df64c539ee82217fe36710e5882f62dc9868d7

SHA512
147b9272265b9a5edea8b1f54b37dd95e8380ba461233bb476612ff48016ae752b2cbfa31d3bf87a6f404469eae6c90392c652f19720b4531b78e648b7b58f32

Download Submit
C:\Users\Admin\AppData\Local\Temp\539840389126
Filesize
84KB

MD5
505cfa1074ff56ffff6a98c1581b2440

SHA1
a8ca048fd2e41590ce1b32b69e1e3c1fa4e6e6d1

SHA256
6d1ae73d004f0058a5fd1fdaab16c7172fe259c64f0060cc5f8ae3ce23025c74

SHA512
6de071a45e8b6c2c71944db0a45fd3b4e140c2685746a0807c3a3b287b883de670c2eca57940bf7aae06f361c4b65d114f010654688190c5c882bf716453b786

Download Submit