a6b304da706f65520019273d5f35dc9ede582febfe9e9a1d87c482eb46433256

Analysis

max time kernel
148s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2025, 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7dad12bd22c31f2618cc56cbd738f1cce5afaea128fcfe1deb18f4ac7366c9d2.exe
Size

1010KB
MD5

eb217b0ac055b81266b477fe13e1676f
SHA1

5347d74cd3021717c3d67105648f325613df0782
SHA256

7dad12bd22c31f2618cc56cbd738f1cce5afaea128fcfe1deb18f4ac7366c9d2
SHA512

6f38c118961844c7afa13bfe81a6d40de90bee23f5933a6949495db66a196372b224f676a6ecfca135fb9e6666e2b096e27b1be33adbf95cbed2c89361af8c38
SSDEEP

24576:OA/GdQEfRiHN7iaqCavgYCkS/Tfc8DvGyHa/d:OqEp6tKyX/TTHe

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
29	4712	DAsap.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	DAsap.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DownloadAsap.lnk	DAsap.exe

Executes dropped EXE 2 IoCs

pid	Process
2828	DAsap.exe
4712	DAsap.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7dad12bd22c31f2618cc56cbd738f1cce5afaea128fcfe1deb18f4ac7366c9d2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DAsap.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DAsap.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
4712	DAsap.exe
4712	DAsap.exe
4712	DAsap.exe
4712	DAsap.exe
4712	DAsap.exe
4712	DAsap.exe
4712	DAsap.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
4712	DAsap.exe
4712	DAsap.exe
4712	DAsap.exe
4712	DAsap.exe
4712	DAsap.exe
4712	DAsap.exe
4712	DAsap.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 2828	4992	7dad12bd22c31f2618cc56cbd738f1cce5afaea128fcfe1deb18f4ac7366c9d2.exe	87
PID 4992 wrote to memory of 2828	4992	7dad12bd22c31f2618cc56cbd738f1cce5afaea128fcfe1deb18f4ac7366c9d2.exe	87
PID 4992 wrote to memory of 2828	4992	7dad12bd22c31f2618cc56cbd738f1cce5afaea128fcfe1deb18f4ac7366c9d2.exe	87
PID 2828 wrote to memory of 4712	2828	DAsap.exe	91
PID 2828 wrote to memory of 4712	2828	DAsap.exe	91
PID 2828 wrote to memory of 4712	2828	DAsap.exe	91

C:\Users\Admin\AppData\Local\Temp\7dad12bd22c31f2618cc56cbd738f1cce5afaea128fcfe1deb18f4ac7366c9d2.exe
"C:\Users\Admin\AppData\Local\Temp\7dad12bd22c31f2618cc56cbd738f1cce5afaea128fcfe1deb18f4ac7366c9d2.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4992
- C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\SFX20250409082538804\DAsap.exe
  "C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\SFX20250409082538804\DAsap.exe" -entry
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Users\Admin\AppData\Local\Centralx\DAsap\DAsap.exe
    "C:\Users\Admin\AppData\Local\Centralx\DAsap\DAsap.exe"
    3⤵
    - Downloads MZ/PE file
    - Drops startup file
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4712

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\SFX20250409082538804\DAsap.lng

Filesize
2KB

MD5
b4c28f8d7afb680328d007be1214eaef

SHA1
963e66857fab9f2a662cd09db9812119919e0218

SHA256
38b8b0898ac19c5843cca47084902f06f209a0531e9eb80b1aac819e34055f01

SHA512
8d9438664939eba1dbba33a97f3ff9a9169d618f566f1c7b8572f0a7c6a831d3979e4bb0f407d2c41adfd2841655e17d9c0d54facd30cac83218dca90a089468

Download Submit
C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\SFX20250409082538804\DAsapEntry.ini

Filesize
102KB

MD5
272af2fb09e12d721f28b19f0a2bab17

SHA1
58da01ea4f739ab0aa30306e0a6f47ede8a3a54d

SHA256
35621e28c2cd5cc8e335e0ad3e7a4be98c49b58513a6a0ecbda6f618e7d6acf4

SHA512
90cbaa963d0c5d24f8847415d5aeb832131228ddcaf3759d06e9ec95acd54cb17cf496f3b4f051af933fc54e28cab0dcc7a622d082f3f6aa43938800041f0e97

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\DAsap.ini

Filesize
83KB

MD5
af7f3fe20c37c962b95556919420baea

SHA1
52d7e93c0885c0560bc8ac8daf7bdd98a4173e52

SHA256
11028e7f437d63e3bf0274679598ce5b44fe54102049335d75654d24ae1b553e

SHA512
9ec42c60fe5f25e45c4a276873b1fd026acaae18fb223fe03f8d826e7169057358843c81595acca457e47d5ab9be02a2327277424cc5704d7a39311b69141c89

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
bfa45cf04985c5a164d9c762df55752a

SHA1
e467e2f6ed5a4d2c8ab9cf214abad8bd02554a69

SHA256
5a9fdeec5c8f3fbadd7badd1c914cef6331ed9b5c5808702d06e1ae6cd5add84

SHA512
3c3f288437563354c773fa687cfa0b9c492fdee06676bb3104f596d5cfe36a5be26de03c0e7fbae5418cdc1c1cfcd86cfb17a8f692bc97631227bf5bf9f32c2b

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
7efac2ff9807ca59d3b41825ee89c52a

SHA1
c746da2b7d1b690d9866fc8a8fb27e29de7b25a0

SHA256
3e39a0fc735517f8692fd30ba8ce4cbe0379fddf05bdd49ff2201f348732896d

SHA512
99823035045eaa90855d60cbec450fd97b1cb54e6de01ccdb8ac9f7d2123a8681ff700f69dbaf509b559cca1fecfb1926aa3f33d75b29a2919e9f87fb0c77751

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
f72507e530019cdcd3084b5142dce140

SHA1
6e6fcf12f0e854fe09d4b0f5439f564e0f5b4051

SHA256
4a84310128b2fa239b49e960b414fa994f1e3119b5ef578d09d5bd0e8d727e52

SHA512
0af8ac6f9f306f3ab45bcb6da09ed4d79e942c0be77bc1b56f39482c3168ab801c585951f5d90b8c9e285101693e54ff5016f6e9d4069390992b1a1d6b8c0ea4

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
c862f0186231e33bc13b6286775c7c2b

SHA1
a246257ee7632fc592f8342f15cb2d3ce9f17129

SHA256
92a4038fc61917a6ba050241f7120e34328f26fd73d9b21cf8aa8880eb29dce7

SHA512
8f649194fda531eb8ea2e44593d1a7f6fd0876e8bda14a98f4357a4e847902c24093059e49bd549ebe079e95d9deaf6e34038ec8430b7797467bd39b25d86da8

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
030171b14a1acf6411f3fd08e6f5b18f

SHA1
b3ad9de45c6e0889291a9e810c1b400d8a4a87ef

SHA256
9bc89788ce080537d48ae2f3a7f698938d0e7e7b4474b6630deec1ec82f514c2

SHA512
b69c18e34b42c049f45b0549f5e3900b4c1369450681af3dbf9a1e173798061399e8f2079dfd9a9fece629695f18f63b8bdf74e5a01ebe1e7cecb82bf844bf87

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
dfd765007e4e17a719498c4c639b3007

SHA1
50bf58f8a3b45c1f8dd61c2db24bcee86325a362

SHA256
d045d6c06d4d326b27b5c271e56494a4d379e7bd938ec09c5e32a23718f6ea04

SHA512
0e542820c8db1836d0d8bd5a2378dc16b2ccb4a2589b9ba01075b55327ce3eb7de16fd9a0fb8f76345605c49a840a621fff6839aa6cf40a742bf605a68c4d717

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
92dc0a28d2946d746c796500c9d0a936

SHA1
10a8c099b90527b8b3a126f193126b4d43648c8d

SHA256
0d6600762b93b63c901edb3de8fc0bb3cead28b0bd14034dc9a34a5b492cbaa0

SHA512
c86d3b0ccf369000f1f1e23ca9cf105d62088e2f97f1e0e3f1563443304ccf29fdc6a14eb85c10bbf92793cc8351694b42795a35f49bf4e8a5879a61e129d31b

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
8f22b3781b10998d58cbcad79d42c617

SHA1
7e9ddcfea550fae2c7353a987e32f39ddea27766

SHA256
9d7a18c063e85ee6298597020104fb5c46508d35e989d71cb2934478072a80f6

SHA512
d4b9a012fb9656cbf6eefad422d6f14964d9a962c62c258c13362b32aabe8dafdefd2a4ccee39ae0742d9bbc7341b38b5cee0d3d3628d95203975ba7512b2a64

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
41229014a9c2c2b55f2906c1cf2f43bf

SHA1
b80e94d3554f46b5560c1600e9be199eb26c46e6

SHA256
d62500353b078cedd9826f19a0ba74a013295de2769f435c50105bb1bc56456e

SHA512
a0fe391f9c25a68062a8e8976308e5441f3e3207539970dd92876a1556139257ae69d007502ba4168c55f32b56d74d5acd6c3bcf5f2e7242e5949e319a733b3f

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
0edeb389329352b686e2631306bdb85f

SHA1
50a7d33195f89de229c561fa4bc5fedd0775e759

SHA256
bc648eb4aa35451696de38fffd7c5b9598282bc873a0d913134b1f639d7a2a9a

SHA512
1b24791a77608c96de77b7ed997302105928e5b73de0aafc5db2c4da2e7d7cc0a4120183aabd6682b6ac1af672586fe7e172b356b9508904171c6d45f6b044af

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
174397568a2320bdb7a8a41822e8b0f6

SHA1
6aa1c6e8a82cc3f805a380ea11d40350598fad62

SHA256
c52789596a0417b47f59c06f0aca8326dec9b25967663333171c27d3ce330c24

SHA512
3139e0c124ccaadb45f4c2b4f5c3ca192c1b2627da54059ed2e4ecd06ffd87e65a0bc1cd0a09e85902e020da209e505fa2203190cb924aa55680e50f9f5d36b6

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
f70fd966a4f12a6f4d8fec61f899dff5

SHA1
e1804598f13bb132a767d5f9927f16ae1ad4adbe

SHA256
112f8655931476e562f561882feab66babeb787d452fe5f1cbc99deee02f5d9b

SHA512
3be810c9c88e256cb5b4ebfa0c013b9f3cbf1fc865513baaa06993ff0f049a6ba0f40c3723228a7f73559cd4b8256c872c17a6d042223fbd6a2936328e682ea4

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
07f02ab74ba50639ddab995495227baa

SHA1
ea6f1d29eff03c35f554acb268d3ce355caf50c4

SHA256
065da02064b504f0555429455e2e3451af77c894c8bdb77fdd8d524d6781af19

SHA512
c0c8cfe2e4b6fc1b3849b6a1e50d2c36b4b22cae41e11bb6b3c2ee4968e9c4fb94d65051f27b04bfc9f453160bd4439c1a198933c37eab67c48bd97757a4e69c

Download Submit
C:\Users\Admin\AppData\Local\Centralx\DAsap\Temp\map116.tmp

Filesize
2KB

MD5
7156b347ab52b4dd651f02891142dea0

SHA1
e4f27cd32c15824b7c897d316d70efa01e946258

SHA256
9352ebeac05449ce0d3d6f1dd6bdae2f876d6106f073d4555fbfc4435cb4eefc

SHA512
78974112db5dbff8ed3ccf4d418906307786bb3c4d2d0b27095af205fc2ac3ce831f4a1162749cd083a61bc1a825c5eefa55eb7c61935e333741239261a03e77

Download Submit
C:\Users\Admin\AppData\Local\Temp\SFX20250409082538804\dasap.exe

Filesize
1.2MB

MD5
c4e2cff7a8f6fcb920671c4741f86361

SHA1
38626d0d1b7e93460bbf5af11263f2e4e6de2f40

SHA256
42efc2a700c8efe9754b1746532a8f92c0f017aec5efb867ec4f10b291f1dd23

SHA512
21afe116e2292031b17fecdf7d2cd597c34d585bbe664c5554aee9b246f15c06c9f45822f1548a5b5089e7938109a040b0d4b7da5c6df6f2008fcd5a57e113db

Download Submit
memory/2828-24-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2828-7-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/4712-270-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4712-304-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4712-392-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4712-248-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/4712-247-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4712-259-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4712-381-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4712-281-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4712-292-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4712-25-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/4712-315-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4712-326-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4712-337-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4712-348-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4712-359-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4712-370-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4992-0-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/4992-26-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download