Analysis

  • max time kernel
    113s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-09-2024 18:14

General

  • Target

    e0d88f5934f1db8a15373706387dce90N.exe

  • Size

    159KB

  • MD5

    e0d88f5934f1db8a15373706387dce90

  • SHA1

    3d6a633b8f7052b70cc4cc293e31bbaae7382a99

  • SHA256

    e59a1eeb4f320c90c7b358f591ce6c1b7a97c1ee48bd30397c8b1c6960893bc9

  • SHA512

    2602501472c2e3fb328173919e68de138d5b23b1c3e73b3d6ac25590b9a0989379ff3849aaaeb6267b5ae5c7ddadf80d2cdf0a3294f02586402ffed0ca46022f

  • SSDEEP

    3072:wq6+ouCpk2mpcWJ0r+QNTBfz95PjQeenDc3:wldk1cWQRNTBLreo3

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e0d88f5934f1db8a15373706387dce90N.exe
    "C:\Users\Admin\AppData\Local\Temp\e0d88f5934f1db8a15373706387dce90N.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1420
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6F73.tmp\6F74.tmp\6F75.bat C:\Users\Admin\AppData\Local\Temp\e0d88f5934f1db8a15373706387dce90N.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Windows\system32\reg.exe
        Reg.exe add "HKLM\SOFTWARE\EasyUEFI" /v "Email" /t REG_SZ /d "[email protected]" /f
        3⤵
          PID:208
        • C:\Windows\system32\reg.exe
          Reg.exe add "HKLM\SOFTWARE\EasyUEFI" /v "License" /t REG_SZ /d "KV2CS7TDQZ58QHAEHVNYQEWE3W465QEUXD4H4E5EQPNY2SQF" /f
          3⤵
            PID:2704

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\6F73.tmp\6F74.tmp\6F75.bat

        Filesize

        349B

        MD5

        de026db21eacd755ebc37df170efb0d4

        SHA1

        093660f29d2c103a96944d468c60d51ac40fd865

        SHA256

        979c1644e0f9d081cd3a5cdd36ee38bc7e3294af63303f6055d7d5adc211217c

        SHA512

        d77192000f57ad361e465f629ff990acaa0cea9f84be816426bcbe14af0b0e2e571c3bb85af41fadaede584f5132d6e91e40073be0d5b8cff134d3518fe29e6a