Resubmissions
02-12-2024 01:29
241202-bwgrxsslev 601-12-2024 01:16
241201-bm536a1rbv 701-12-2024 01:06
241201-bf6q4swlcn 630-11-2024 23:55
241130-3yyxrstqbq 630-11-2024 23:55
241130-3ypn4azjfv 630-11-2024 23:35
241130-3lf67atmal 630-11-2024 22:13
241130-15bppsxjhx 727-11-2024 20:24
241127-y6snhaynhv 726-11-2024 17:03
241126-vkvzyswqdk 7Analysis
-
max time kernel
287s -
max time network
302s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
30-11-2024 22:13
General
-
Target
psr.exe
-
Size
13.4MB
-
MD5
33c9518c086d0cca4a636bc86728485e
-
SHA1
2420ad25e243ab8905b49f60fe7fb96590661f50
-
SHA256
ba30ea16cd8fbd9209d40ae193206ad00f042d100524cf310982c33369325ca2
-
SHA512
6c2c470607b88e7cd79411b7a645b395cee3306a23e6ba50b8ac57f7d5529a1b350c34e19da69aeb1ffade44d5187b4a1ef209a53d21a83e9e35add10fc7867d
-
SSDEEP
49152:W/XzWTJmbjeHLKLpyNpaQ+69tPvGUmskDXs4Awd9CBqcUiInvlT2hPnXiwzYJ33S:W/EmGrKL2pllzP+UNkEARmzY1C
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\psr.exe"C:\Users\Admin\AppData\Local\Temp\psr.exe"1⤵
- Checks computer location settings
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\psr.exe"C:\Users\Admin\AppData\Local\Temp\psr.exe" -cv WmOsFwZJpEifinRf.0 -enableservices2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD53a16ce313f0aedba14943c83ef4a853a
SHA1e3d635fcf3471a638153e8756da3d3e06cf102f1
SHA2560d6943432a32c38e203c1a2eace24145e470b06d9d73bdf3a82a32955124d00d
SHA512a89b9b75ca9a0556eff3ddfc202ac17e3d78c2a5334b61a1f97d9aa802234b2bbcb43b20fe2440d45c6a742e69a4032cdae5e92e491d1a5b79fe21cdf475ae6a
-
Filesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
Filesize
224KB
-
Filesize
13.4MB
-
Filesize
32KB
-
Filesize
40KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
56KB
-
Filesize
4KB
-
Filesize
152KB
-
Filesize
136KB
-
Filesize
32KB
-
Filesize
4KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB