8c294a97704d97525dea5ae710a948c74dfbf98fdff3f37fa539d7f970e33e30

Analysis

max time kernel
134s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26-07-2024 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BRUTOFORCE-SEED-V12.6.8/lib.exe
Size

64.4MB
MD5

f4db0c6f4eac031121dfc08675c84e7c
SHA1

e419149294889f087d7b3122f484a7453fc23210
SHA256

cfcd1ec2315a49c410bcef131cc4d1e7674364c34a20902fed43e20d053978e0
SHA512

40d159283f5176ce42680309948be2127740ddf8078b1bb81dc69ff9672553158f186fd9a55cfb1348bb5ff118c38d1cb52c9fd4b5218672808773e0b164d9cc
SSDEEP

1572864:tCEnmOy4v0SH7+m38eUSgCX0CQ3+VXaw4hCnPHK:bmOKrSDX0V+VTPq

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	lib.exe

Executes dropped EXE 1 IoCs

pid	Process
4692	BRUTOFORCE SEED.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BRUTOFORCE SEED.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 4692	1864	lib.exe	89
PID 1864 wrote to memory of 4692	1864	lib.exe	89
PID 1864 wrote to memory of 4692	1864	lib.exe	89

C:\Users\Admin\AppData\Local\Temp\BRUTOFORCE-SEED-V12.6.8\lib.exe
"C:\Users\Admin\AppData\Local\Temp\BRUTOFORCE-SEED-V12.6.8\lib.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4692-15-0x0000000007230000-0x0000000007BB9000-memory.dmp

Filesize
9.5MB

Download
memory/4692-18-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/4692-29-0x0000000006D90000-0x0000000006E44000-memory.dmp

Filesize
720KB

Download
memory/4692-26-0x0000000006D90000-0x0000000006E44000-memory.dmp

Filesize
720KB

Download
memory/4692-25-0x0000000006C90000-0x0000000006CC5000-memory.dmp

Filesize
212KB

Download
memory/4692-22-0x0000000006C90000-0x0000000006CC5000-memory.dmp

Filesize
212KB

Download
memory/4692-21-0x0000000000AF4000-0x0000000000AF5000-memory.dmp

Filesize
4KB

Download
memory/4692-17-0x0000000007230000-0x0000000007BB9000-memory.dmp

Filesize
9.5MB

Download
memory/4692-32-0x00000000087C0000-0x00000000093A9000-memory.dmp

Filesize
11.9MB

Download
memory/4692-41-0x0000000006B70000-0x0000000006BAA000-memory.dmp

Filesize
232KB

Download
memory/4692-50-0x0000000006AE0000-0x0000000006AFF000-memory.dmp

Filesize
124KB

Download
memory/4692-78-0x0000000006CF0000-0x0000000006D0E000-memory.dmp

Filesize
120KB

Download
memory/4692-77-0x0000000006D10000-0x0000000006D22000-memory.dmp

Filesize
72KB

Download
memory/4692-74-0x0000000006D10000-0x0000000006D22000-memory.dmp

Filesize
72KB

Download
memory/4692-73-0x0000000006C30000-0x0000000006C39000-memory.dmp

Filesize
36KB

Download
memory/4692-70-0x0000000006C30000-0x0000000006C39000-memory.dmp

Filesize
36KB

Download
memory/4692-69-0x0000000006BC0000-0x0000000006BC6000-memory.dmp

Filesize
24KB

Download
memory/4692-66-0x0000000006BC0000-0x0000000006BC6000-memory.dmp

Filesize
24KB

Download
memory/4692-65-0x0000000006CD0000-0x0000000006CE5000-memory.dmp

Filesize
84KB

Download
memory/4692-62-0x0000000006CD0000-0x0000000006CE5000-memory.dmp

Filesize
84KB

Download
memory/4692-61-0x0000000006C00000-0x0000000006C22000-memory.dmp

Filesize
136KB

Download
memory/4692-58-0x0000000006C00000-0x0000000006C22000-memory.dmp

Filesize
136KB

Download
memory/4692-57-0x0000000006BE0000-0x0000000006BF5000-memory.dmp

Filesize
84KB

Download
memory/4692-54-0x0000000006BE0000-0x0000000006BF5000-memory.dmp

Filesize
84KB

Download
memory/4692-49-0x0000000006B00000-0x0000000006B0C000-memory.dmp

Filesize
48KB

Download
memory/4692-46-0x0000000006B00000-0x0000000006B0C000-memory.dmp

Filesize
48KB

Download
memory/4692-45-0x0000000006B30000-0x0000000006B41000-memory.dmp

Filesize
68KB

Download
memory/4692-42-0x0000000006B30000-0x0000000006B41000-memory.dmp

Filesize
68KB

Download
memory/4692-53-0x0000000006AE0000-0x0000000006AFF000-memory.dmp

Filesize
124KB

Download
memory/4692-38-0x0000000006B70000-0x0000000006BAA000-memory.dmp

Filesize
232KB

Download
memory/4692-37-0x0000000006B10000-0x0000000006B2D000-memory.dmp

Filesize
116KB

Download
memory/4692-34-0x0000000006B10000-0x0000000006B2D000-memory.dmp

Filesize
116KB

Download