daaaf8f57839df3645b9a65a3223483c5ff9b01840e179242158d1b8a948a801

Analysis

max time kernel
150s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wmispe.exe
Size

684KB
MD5

69058bba0b0ce086c23d0b50fb712fd6
SHA1

73c45dcf072ebeac0f7e8ddce7a80ad5e9df9049
SHA256

c60d6122c82f694d05e4e54446ddbf980bed657c6131ba51e4c359dc56dec701
SHA512

2bd8a8520c185e94dfa98abfe2433e79599a150b0a97edc8b8f0f74d45ca6a524a14f3aa633a22c8989dfd008248f4739614b3caf623cbedf983f323ce80ccb1
SSDEEP

12288:Ly0mm/XdI/uQ/hUEBk/XXpy5MlE2Xxioxc46bgk76+esTCmpi:LVu/PDsXpy5pqio2bH2mpi

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wmispe.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	wmispe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

wmispe.exesetalc.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmispe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setalc.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

wmispe.exe

pid	Process
3812	wmispe.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

wmispe.exe

pid	Process
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe
3812	wmispe.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

wmispe.exe

pid	Process
3812	wmispe.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

wmispe.exe

description	pid	Process	procid_target
PID 3812 wrote to memory of 2768	3812	wmispe.exe	83
PID 3812 wrote to memory of 2768	3812	wmispe.exe	83
PID 3812 wrote to memory of 2768	3812	wmispe.exe	83

C:\Users\Admin\AppData\Local\Temp\wmispe.exe
"C:\Users\Admin\AppData\Local\Temp\wmispe.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3812
- C:\Users\Admin\AppData\Local\Temp\setalc.exe
  "C:\Users\Admin\AppData\Local\Temp\setalc.exe" /SETDATE
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3812-0-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-1-0x0000000002930000-0x0000000002972000-memory.dmp

Filesize
264KB

Download
memory/3812-8-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/3812-7-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/3812-6-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/3812-5-0x0000000002A80000-0x0000000002A81000-memory.dmp

Filesize
4KB

Download
memory/3812-4-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/3812-3-0x0000000000980000-0x0000000000981000-memory.dmp

Filesize
4KB

Download
memory/3812-2-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/3812-9-0x0000000002A90000-0x0000000002A91000-memory.dmp

Filesize
4KB

Download
memory/3812-11-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3812-12-0x0000000002B10000-0x0000000002B12000-memory.dmp

Filesize
8KB

Download
memory/3812-13-0x0000000002B00000-0x0000000002B04000-memory.dmp

Filesize
16KB

Download
memory/3812-10-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/3812-19-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/3812-18-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

Filesize
4KB

Download
memory/3812-17-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

Filesize
4KB

Download
memory/3812-16-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/3812-15-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/3812-14-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3812-23-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

Filesize
4KB

Download
memory/3812-42-0x0000000002E40000-0x0000000002E41000-memory.dmp

Filesize
4KB

Download
memory/3812-48-0x0000000003030000-0x0000000003031000-memory.dmp

Filesize
4KB

Download
memory/3812-47-0x0000000003040000-0x0000000003041000-memory.dmp

Filesize
4KB

Download
memory/3812-46-0x0000000003000000-0x0000000003001000-memory.dmp

Filesize
4KB

Download
memory/3812-45-0x0000000002EB0000-0x0000000002EB1000-memory.dmp

Filesize
4KB

Download
memory/3812-44-0x0000000002E90000-0x0000000002E91000-memory.dmp

Filesize
4KB

Download
memory/3812-43-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/3812-41-0x0000000002E50000-0x0000000002E51000-memory.dmp

Filesize
4KB

Download
memory/3812-40-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/3812-39-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/3812-38-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/3812-37-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/3812-36-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/3812-35-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

Filesize
4KB

Download
memory/3812-34-0x0000000002CC0000-0x0000000002CC1000-memory.dmp

Filesize
4KB

Download
memory/3812-33-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

Filesize
4KB

Download
memory/3812-32-0x0000000002CA0000-0x0000000002CA1000-memory.dmp

Filesize
4KB

Download
memory/3812-31-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

Filesize
4KB

Download
memory/3812-49-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-30-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/3812-60-0x0000000003020000-0x0000000003021000-memory.dmp

Filesize
4KB

Download
memory/3812-59-0x0000000003010000-0x0000000003011000-memory.dmp

Filesize
4KB

Download
memory/3812-58-0x0000000002EC0000-0x0000000002EC1000-memory.dmp

Filesize
4KB

Download
memory/3812-57-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/3812-56-0x0000000002E80000-0x0000000002E81000-memory.dmp

Filesize
4KB

Download
memory/3812-55-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/3812-54-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/3812-53-0x0000000002C50000-0x0000000002C51000-memory.dmp

Filesize
4KB

Download
memory/3812-52-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download
memory/3812-51-0x0000000003060000-0x0000000003061000-memory.dmp

Filesize
4KB

Download
memory/3812-50-0x0000000003070000-0x0000000003071000-memory.dmp

Filesize
4KB

Download
memory/3812-29-0x0000000002C90000-0x0000000002C91000-memory.dmp

Filesize
4KB

Download
memory/3812-28-0x0000000002C60000-0x0000000002C61000-memory.dmp

Filesize
4KB

Download
memory/3812-27-0x0000000002C20000-0x0000000002C21000-memory.dmp

Filesize
4KB

Download
memory/3812-26-0x0000000002C00000-0x0000000002C01000-memory.dmp

Filesize
4KB

Download
memory/3812-25-0x0000000002C10000-0x0000000002C11000-memory.dmp

Filesize
4KB

Download
memory/3812-24-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

Filesize
4KB

Download
memory/3812-22-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/3812-21-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

Filesize
4KB

Download
memory/3812-20-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

Filesize
4KB

Download
memory/3812-61-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/3812-63-0x0000000002930000-0x0000000002972000-memory.dmp

Filesize
264KB

Download
memory/3812-62-0x00000000032D0000-0x00000000032D1000-memory.dmp

Filesize
4KB

Download
memory/3812-65-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/3812-83-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/3812-82-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/3812-81-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/3812-80-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/3812-79-0x00000000034B0000-0x00000000034B1000-memory.dmp

Filesize
4KB

Download
memory/3812-78-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3812-77-0x0000000003490000-0x0000000003491000-memory.dmp

Filesize
4KB

Download
memory/3812-76-0x00000000034A0000-0x00000000034A1000-memory.dmp

Filesize
4KB

Download
memory/3812-75-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/3812-74-0x0000000003480000-0x0000000003481000-memory.dmp

Filesize
4KB

Download
memory/3812-73-0x0000000003450000-0x0000000003451000-memory.dmp

Filesize
4KB

Download
memory/3812-72-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/3812-71-0x0000000003430000-0x0000000003431000-memory.dmp

Filesize
4KB

Download
memory/3812-70-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/3812-69-0x0000000003410000-0x0000000003411000-memory.dmp

Filesize
4KB

Download
memory/3812-68-0x0000000003420000-0x0000000003421000-memory.dmp

Filesize
4KB

Download
memory/3812-66-0x0000000003400000-0x0000000003401000-memory.dmp

Filesize
4KB

Download
memory/3812-67-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/3812-64-0x00000000033E0000-0x00000000033E1000-memory.dmp

Filesize
4KB

Download
memory/3812-89-0x0000000005720000-0x0000000005721000-memory.dmp

Filesize
4KB

Download
memory/3812-88-0x0000000005730000-0x0000000005731000-memory.dmp

Filesize
4KB

Download
memory/3812-87-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3812-86-0x0000000005710000-0x0000000005711000-memory.dmp

Filesize
4KB

Download
memory/3812-85-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/3812-84-0x0000000005700000-0x0000000005701000-memory.dmp

Filesize
4KB

Download
memory/3812-93-0x0000000005770000-0x0000000005771000-memory.dmp

Filesize
4KB

Download
memory/3812-94-0x0000000005760000-0x0000000005761000-memory.dmp

Filesize
4KB

Download
memory/3812-92-0x0000000005740000-0x0000000005741000-memory.dmp

Filesize
4KB

Download
memory/3812-91-0x0000000005750000-0x0000000005751000-memory.dmp

Filesize
4KB

Download
memory/3812-96-0x0000000003020000-0x0000000003021000-memory.dmp

Filesize
4KB

Download
memory/3812-98-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-99-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-100-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-101-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-102-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-103-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-106-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-107-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-108-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-109-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-110-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-111-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-112-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download
memory/3812-115-0x0000000000400000-0x00000000006A5000-memory.dmp

Filesize
2.6MB

Download