5199f4e0d80f7c7445ddf120ec17f05dd94e3c9293a87024f1ab41a4eb60279d | Triage

Submit
Reports

Overview

overview

8

Static

static

1

03091132.exe

windows7-x64

8

03091132.exe

windows10-2004-x64

8

Sharing

General

Target

03091132
Size

68.3MB
Sample

220829-h5bqlaega6
MD5

d2457793c05186062eb3aa6d7ab0797c
SHA1

456b732d643e792e977ba6f440969b5ec5e56b01
SHA256

5199f4e0d80f7c7445ddf120ec17f05dd94e3c9293a87024f1ab41a4eb60279d
SHA512

bab22acd3a0faddf25d880038ec29242982e1c64dcbd394cd2cc3dbace6f2a39cfe1dc56244c8c18d56e4c9605ae7b19c46dba4fb10862c70e6ab46017412099
SSDEEP

1572864:k6pfZnJiBolI39FtdGdLATNInXE2YP/OsGtYBs14K:kg1JdlI3DDGdExuKOsGtY+1X

Score

8^/10

discovery evasion exploit persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

03091132.exe

Resource

win7-20220812-en

discovery evasion exploit persistence

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

03091132.exe

Resource

win10v2004-20220812-en

discovery evasion exploit persistence

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  03091132
- Size
  
  68.3MB
- MD5
  
  d2457793c05186062eb3aa6d7ab0797c
- SHA1
  
  456b732d643e792e977ba6f440969b5ec5e56b01
- SHA256
  
  5199f4e0d80f7c7445ddf120ec17f05dd94e3c9293a87024f1ab41a4eb60279d
- SHA512
  
  bab22acd3a0faddf25d880038ec29242982e1c64dcbd394cd2cc3dbace6f2a39cfe1dc56244c8c18d56e4c9605ae7b19c46dba4fb10862c70e6ab46017412099
- SSDEEP
  
  1572864:k6pfZnJiBolI39FtdGdLATNInXE2YP/OsGtYBs14K:kg1JdlI3DDGdExuKOsGtY+1X
Score

8^/10

discovery evasion exploit persistence
- Creates new service(s)
  persistence
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Impair Defenses

File Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploitpersistence

behavioral2

discoveryevasionexploitpersistence

© 2018-2024

Terms | Privacy