62ba6f76a9dfa3cd19b768e435124b8217420d58efad6265ce20a443deb3619d | Triage

Submit
Reports

Overview

overview

Static

static

62ba6f76a9...9d.exe

windows7_x64

62ba6f76a9...9d.exe

windows10-2004_x64

Sharing

General

Target

62ba6f76a9dfa3cd19b768e435124b8217420d58efad6265ce20a443deb3619d
Size

167KB
Sample

220327-drgx8sceh3
MD5

e2dd51185d89bf02160ca232d2c9be77
SHA1

d562fc86c73c154030b7f7021ecc10c89312cc22
SHA256

62ba6f76a9dfa3cd19b768e435124b8217420d58efad6265ce20a443deb3619d
SHA512

6d2e3cfdecbd7cbce5258b312405ad53f6e0e4a0b2a2f1e98795063cf0718203494125d663e411742c0033a6e1cb580843a1ff1475e25ea82bd09a2a70deb340

Score

10^/10

discovery evasion exploit persistence

Static task

static1

Behavioral task

behavioral1

Sample

62ba6f76a9dfa3cd19b768e435124b8217420d58efad6265ce20a443deb3619d.exe

Resource

win7-20220311-en

discovery evasion exploit persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

62ba6f76a9dfa3cd19b768e435124b8217420d58efad6265ce20a443deb3619d.exe

Resource

win10v2004-en-20220113

discovery evasion exploit persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  62ba6f76a9dfa3cd19b768e435124b8217420d58efad6265ce20a443deb3619d
- Size
  
  167KB
- MD5
  
  e2dd51185d89bf02160ca232d2c9be77
- SHA1
  
  d562fc86c73c154030b7f7021ecc10c89312cc22
- SHA256
  
  62ba6f76a9dfa3cd19b768e435124b8217420d58efad6265ce20a443deb3619d
- SHA512
  
  6d2e3cfdecbd7cbce5258b312405ad53f6e0e4a0b2a2f1e98795063cf0718203494125d663e411742c0033a6e1cb580843a1ff1475e25ea82bd09a2a70deb340
Score

10^/10

discovery evasion exploit persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionexploitpersistence

behavioral2

discoveryevasionexploitpersistence

© 2018-2024

Terms | Privacy