General
-
Target
58e4c84fabbc2da147340908ee012ec7bfcf7f609f596ab03a9b6d361893e8b3
-
Size
4.0MB
-
Sample
220625-fxpldafecl
-
MD5
ba071d7bca387135f0aba163a15b2f71
-
SHA1
3cb695417d3e774feef94c71ed27fb64222e5f73
-
SHA256
58e4c84fabbc2da147340908ee012ec7bfcf7f609f596ab03a9b6d361893e8b3
-
SHA512
6ae234a49d4ac9d145681e891540abaacbf3ca2dd7827d51d0a4756d2f34b47d297c57f9f691f68898b93b91cbc4939a7d062918d59a227f60f5f4007d93efcd
Static task
static1
Behavioral task
behavioral1
Sample
58e4c84fabbc2da147340908ee012ec7bfcf7f609f596ab03a9b6d361893e8b3.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
58e4c84fabbc2da147340908ee012ec7bfcf7f609f596ab03a9b6d361893e8b3.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
58e4c84fabbc2da147340908ee012ec7bfcf7f609f596ab03a9b6d361893e8b3
-
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-