e904cab0fe9c0b2f8e6dd9dba4dd54fe928749d28ff4520d76d44ef41a112f12

Analysis

max time kernel
30s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 09:18

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

New Text Document.exe
Size

4KB
MD5

a239a27c2169af388d4f5be6b52f272c
SHA1

0feb9a0cd8c25f01d071e9b2cfc2ae7bd430318c
SHA256

98e895f711226a32bfab152e224279d859799243845c46e550c2d32153c619fc
SHA512

f30e1ff506cc4d729f7e24aa46e832938a5e21497f1f82f1b300d47f45dae7f1caef032237ef1f5ae9001195c43c0103e3ab787f9196c8397846c1dea8f351da
SSDEEP

48:6r1huik0xzYGJZZJOQOulbfSqXSfbNtm:IIxcLpf6zNt

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	New Text Document.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4308	New Text Document.exe

C:\Users\Admin\AppData\Local\Temp\New Text Document.exe
"C:\Users\Admin\AppData\Local\Temp\New Text Document.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:4308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a\crt.exe

Filesize
4KB

MD5
670ed39cb9e56b72a83a2d5ed6148989

SHA1
a8e18cf26e142d2b014e47b5d87c765a7b692ccd

SHA256
9d745efc392c4bc49124e01ef9b42a43c900dc48be1c72029d7de14c7299f655

SHA512
a6b809aaf1df7dfa83b6ce4eea488cd95930de56d4c894e0822c38180bc63049a3440d0ca9e8c95547d0c069280f4c58bbfd087ccc94f0facd57f3f958b94642

Download Submit
memory/4308-0-0x00007FFABBF33000-0x00007FFABBF35000-memory.dmp

Filesize
8KB

Download
memory/4308-1-0x0000000000060000-0x0000000000068000-memory.dmp

Filesize
32KB

Download
memory/4308-2-0x00007FFABBF30000-0x00007FFABC9F1000-memory.dmp

Filesize
10.8MB

Download
memory/4308-12-0x00007FFABBF33000-0x00007FFABBF35000-memory.dmp

Filesize
8KB

Download
memory/4308-13-0x00007FFABBF30000-0x00007FFABC9F1000-memory.dmp

Filesize
10.8MB

Download