Analysis
-
max time kernel
142s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
10/07/2024, 09:05
General
-
Target
1a6ef07dcd124e088d4adfeb6c6897e4ad6292bb2e8605b39701168c1f349a3c.exe
-
Size
2.1MB
-
MD5
2f2b3b7da6eacecf527411eccf4d3ea9
-
SHA1
9aad2f6360daf31f27c3dee01b1f7628e3e6dcba
-
SHA256
1a6ef07dcd124e088d4adfeb6c6897e4ad6292bb2e8605b39701168c1f349a3c
-
SHA512
df764d2fb2a112a3602867b31f0de779d8ffc996a90623489c716875193a5c45a135949e871ed967282b961c0ae2d682f67395d7ebf626aec79ccdb0d0cc14ba
-
SSDEEP
49152:tBuZrEUomnOzOPiFp0Rqk8c55DdN7POGjVs:7kL/DGqq7c55lji
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Kills process with taskkill 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a6ef07dcd124e088d4adfeb6c6897e4ad6292bb2e8605b39701168c1f349a3c.exe"C:\Users\Admin\AppData\Local\Temp\1a6ef07dcd124e088d4adfeb6c6897e4ad6292bb2e8605b39701168c1f349a3c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-G1BR3.tmp\1a6ef07dcd124e088d4adfeb6c6897e4ad6292bb2e8605b39701168c1f349a3c.tmp"C:\Users\Admin\AppData\Local\Temp\is-G1BR3.tmp\1a6ef07dcd124e088d4adfeb6c6897e4ad6292bb2e8605b39701168c1f349a3c.tmp" /SL5="$50282,1388696,832512,C:\Users\Admin\AppData\Local\Temp\1a6ef07dcd124e088d4adfeb6c6897e4ad6292bb2e8605b39701168c1f349a3c.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c taskkill /f /t /im ClusterManagerServer.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im ClusterManagerServer.exe4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.0MB
MD5c1133bd8fc9669d65aa243a158d7818a
SHA1ebafd950aa5e63ec17421b9fb293442bba5f2e15
SHA256fd3522ae1fc77d7a2a1eb2dcfbf98a5c57fc232f034fe2a035e60c44e35bcf3e
SHA512d21716d9b6fe179c144c8183647a0e20f4062506405a03978b573f5244d524ce8e8dc6e537b0205bcf4753cda830a1d5114e8a8e6b7fe73278095786d6549ae2
-
Filesize
28KB
MD5077cb4461a2767383b317eb0c50f5f13
SHA1584e64f1d162398b7f377ce55a6b5740379c4282
SHA2568287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64
SHA512b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547
-
Filesize
864KB
-
Filesize
728KB
-
Filesize
864KB
-
Filesize
3.1MB
-
Filesize
3.1MB