Analysis
-
max time kernel
112s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
21/11/2024, 09:48
General
-
Target
82296dadc14bc12fd4beaf3c4d60886dec306de04960b15422fed24c483f0b70.exe
-
Size
9.3MB
-
MD5
c7ffa97a7d6909c48ca4f691c27f1832
-
SHA1
51968c427e80209922e1126981f5fde0c2ea5de8
-
SHA256
82296dadc14bc12fd4beaf3c4d60886dec306de04960b15422fed24c483f0b70
-
SHA512
cb386881c4cf59a4140d19b9f5be8bb78de8e47291adff3d270f32dc9733f63499b6d32200cf48ec07812ee6782d360bfd8273f196d1a87f9f34f078bd8715d9
-
SSDEEP
196608:8oazg7DSmoazg7DSmoaOoazg7DSmoazg7DSmoav:Gg7uog7uXg7uog7uY
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 14 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\82296dadc14bc12fd4beaf3c4d60886dec306de04960b15422fed24c483f0b70.exe"C:\Users\Admin\AppData\Local\Temp\82296dadc14bc12fd4beaf3c4d60886dec306de04960b15422fed24c483f0b70.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Windows Update" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe" /f2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe"C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
9.3MB
MD5071ba4c215521c51644a69aed6d8c8a8
SHA1a1c80b65afa957b4da3c94fc7d66f1b7ef81c22a
SHA256783d6b4ec86da1416606f2b076ccdedf182d9ea920a2e775eaef384d7d819a55
SHA5127f1ec4f9f033822920810946ab1c9b4e4aaf2deae634d5547f7aadb6e736e0d896ce2236e0179b7a8f6e2e619ad24b962593a3e3ee345b876068c065fb1f5078
-
Filesize
1.0MB
MD5a2f259ceb892d3b0d1d121997c8927e3
SHA16e0a7239822b8d365d690a314f231286355f6cc6
SHA256ab01a333f38605cbcebd80e0a84ffae2803a9b4f6bebb1e9f773e949a87cb420
SHA5125ae1b60390c94c9e79d3b500a55b775d82556e599963d533170b9f35ad5cfa2df1b7d24de1890acf8e1e2c356830396091d46632dbc6ee43a7d042d4facb5dad
-
Filesize
2.0MB
-
Filesize
4KB
-
Filesize
2.0MB
-
Filesize
4KB
-
Filesize
2.0MB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
4KB
-
Filesize
1004KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
4KB