General
-
Target
d58fb5c1a383e259686664461f83359118f998457164ab1ca15b51721100b984
-
Size
403KB
-
Sample
220520-rt5zqsgde9
-
MD5
f8ec13a230a3a3843086ca3a1e593460
-
SHA1
fdc8e1048606d91a907a1dfbc53642832c3dd353
-
SHA256
d58fb5c1a383e259686664461f83359118f998457164ab1ca15b51721100b984
-
SHA512
84992de78e267502adc78c4be8a1f0b1092672fd5aafbe1c41b8dbd2a977aba1a50c624892c168227318bf3c1c0f6e058edb39f2eec97bba06d9b9c5ad4d3c47
Static task
static1
Behavioral task
behavioral1
Sample
Quotation 12052020-doc.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Quotation 12052020-doc.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
Quotation 12052020-doc.exe
-
Size
760KB
-
MD5
a755796ffa8f905ecc4e382b80518a71
-
SHA1
28a9048dd5f82525e8bbd1012c11f24941d07112
-
SHA256
9f20ec0199d293e7dd83aec28d9a12669880eed778ce2132f13ce5aa54c14d3c
-
SHA512
dabcd1f4a1d5dcb1339ca5e9a4013633ca268f64987f76ddd49cc9a21675ad986794b070073b4edd476b2c5d6cd2092f9fbcfcbac52c86f4e105de08894699a1
Score 10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-