Resubmissions
02-12-2024 01:29
241202-bwgrxsslev 601-12-2024 01:16
241201-bm536a1rbv 701-12-2024 01:06
241201-bf6q4swlcn 630-11-2024 23:55
241130-3yyxrstqbq 630-11-2024 23:55
241130-3ypn4azjfv 630-11-2024 23:35
241130-3lf67atmal 630-11-2024 22:13
241130-15bppsxjhx 727-11-2024 20:24
241127-y6snhaynhv 726-11-2024 17:03
241126-vkvzyswqdk 7Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241023-en -
resource tags
-
submitted
27-11-2024 20:24
General
-
Target
psr.exe
-
Size
13.4MB
-
MD5
33c9518c086d0cca4a636bc86728485e
-
SHA1
2420ad25e243ab8905b49f60fe7fb96590661f50
-
SHA256
ba30ea16cd8fbd9209d40ae193206ad00f042d100524cf310982c33369325ca2
-
SHA512
6c2c470607b88e7cd79411b7a645b395cee3306a23e6ba50b8ac57f7d5529a1b350c34e19da69aeb1ffade44d5187b4a1ef209a53d21a83e9e35add10fc7867d
-
SSDEEP
49152:W/XzWTJmbjeHLKLpyNpaQ+69tPvGUmskDXs4Awd9CBqcUiInvlT2hPnXiwzYJ33S:W/EmGrKL2pllzP+UNkEARmzY1C
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\psr.exe"C:\Users\Admin\AppData\Local\Temp\psr.exe"1⤵
- Checks computer location settings
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\psr.exe"C:\Users\Admin\AppData\Local\Temp\psr.exe" -cv Us8bVBtCVEeCCAzT.0 -enableservices2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5385501c3a886b9c44f00348684acfe32
SHA17ef6f2a5df531c3e327cc19460d7f8e152f84e1b
SHA256213b622a43394981b45a4f4a6308aaaeb452370bf705178e9b30c4ca622f59ba
SHA5125bcece9fdd5afbda1a2386b34201bd691a59aa15f1aaf03150b60594bd93c550701ab268505cafc3809227f01e503227a7d7d5437a7c9477b5c16e947726d8d9
-
Filesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
Filesize
327KB
MD593bd7bf04d77912d98aaed6decad1b8e
SHA1885cd97fe084cc15c339aa9131dbaa98bdec38fe
SHA256a90c6244e2202b30a83db9eff60c06ba73c27307c357358f76679477782453c5
SHA5126d5c070459af13f9564514f975b0ed623518a9277d4bf359be8035dd3e15e81356017baa944042af9b8c61c78b659192aff624a262f41cffe2c282b67afe2eb4
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
40KB
-
Filesize
32KB
-
Filesize
56KB
-
Filesize
224KB
-
Filesize
4KB
-
Filesize
136KB
-
Filesize
32KB
-
Filesize
7.7MB
-
Filesize
4KB
-
Filesize
7.7MB
-
Filesize
152KB
-
Filesize
7.7MB
-
Filesize
13.4MB
-
Filesize
7.7MB
-
Filesize
7.7MB
