959dc1a9cfa6170f4f28323c26d2d0cdb1a9ecbf9394d34ba1e01d0d753f5253

Analysis

max time kernel
32s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Netflix Generator And Checker By SISTRO.exe
Size

431KB
MD5

15a81fe5111416fd2dc13bfd57a4b89a
SHA1

f83c6e5b29016a36f4470b343bb2744a6a5f95f4
SHA256

959dc1a9cfa6170f4f28323c26d2d0cdb1a9ecbf9394d34ba1e01d0d753f5253
SHA512

0ed122d2491f36ae40cc86b9b1e4d686c5d0c256631c65fd0b293a5dbf92311627248f441625233b3f706f030b2b2d220c3febeda57686083bbd6403e912d6a1
SSDEEP

12288:UtH5NLaAdDhAAEIFDefYepCF1Y7spd9tX/:UtH5sAdXEIFDGY2CF1Y7sz9tX/

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	Netflix Generator And Checker By SISTRO.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Netflix Generator And Checker By SISTRO.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5172 wrote to memory of 2804	5172	Netflix Generator And Checker By SISTRO.exe	87
PID 5172 wrote to memory of 2804	5172	Netflix Generator And Checker By SISTRO.exe	87
PID 5172 wrote to memory of 2804	5172	Netflix Generator And Checker By SISTRO.exe	87

C:\Users\Admin\AppData\Local\Temp\Netflix Generator And Checker By SISTRO.exe
"C:\Users\Admin\AppData\Local\Temp\Netflix Generator And Checker By SISTRO.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5172
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\Actions.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Actions.bat

Filesize
4KB

MD5
81bff87fe630d93e07f58e713e17cc3c

SHA1
0dafabeff400446d31749531875216b767054ad9

SHA256
29b8b8ac98aad68354dae178f3dc21241bb05a26cfdd16b885c83cdf7062e49f

SHA512
f4e2fa941996d58ad3f6fee4eb178be4885b5a19a93b050f0d0784747a2ba562aa68046c2abe461b0f456807c12b6a66c0175b075a18ebdc119957733c1bd2f4

Download Submit