80930071626aa46a7ef7ebd2b285d203ebe554ea11d0799bf0395f6cb823a00a | Triage

Submit
Reports

Overview

overview

Static

static

a85d7d8861...32.exe

windows7-x64

a85d7d8861...32.exe

windows10-2004-x64

Sharing

General

Target

a85d7d886197d00f694f2ad8e7aa5b32.exe
Size

5.5MB
Sample

220830-qacy6shbgl
MD5

a85d7d886197d00f694f2ad8e7aa5b32
SHA1

af1424b1d292099d091aa4461ae6502412866176
SHA256

80930071626aa46a7ef7ebd2b285d203ebe554ea11d0799bf0395f6cb823a00a
SHA512

32a3f3d9b43ed92bc4514ae63e2b607e3f82469ac9cedbe49db01baf690b75545d9e54b894addd442604b0e231910d796af9512f654216630c39b4e95b6143fe
SSDEEP

98304:juWAuvKS7/fn+k45KJq7UX39Yn51g2MOw29TxmWZ3ElF68JlrcbYrCFmmO+:jkS7/fn25gH9oTw2RxxJElIglDrYt

Score

10^/10

discovery evasion exploit

Static task

static1

Behavioral task

behavioral1

Sample

a85d7d886197d00f694f2ad8e7aa5b32.exe

Resource

win7-20220812-en

discovery evasion exploit

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

a85d7d886197d00f694f2ad8e7aa5b32.exe

Resource

win10v2004-20220812-en

discovery evasion exploit

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  a85d7d886197d00f694f2ad8e7aa5b32.exe
- Size
  
  5.5MB
- MD5
  
  a85d7d886197d00f694f2ad8e7aa5b32
- SHA1
  
  af1424b1d292099d091aa4461ae6502412866176
- SHA256
  
  80930071626aa46a7ef7ebd2b285d203ebe554ea11d0799bf0395f6cb823a00a
- SHA512
  
  32a3f3d9b43ed92bc4514ae63e2b607e3f82469ac9cedbe49db01baf690b75545d9e54b894addd442604b0e231910d796af9512f654216630c39b4e95b6143fe
- SSDEEP
  
  98304:juWAuvKS7/fn+k45KJq7UX39Yn51g2MOw29TxmWZ3ElF68JlrcbYrCFmmO+:jkS7/fn25gH9oTw2RxxJElIglDrYt
Score

10^/10

discovery evasion exploit
- Modifies security service
  evasion
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploit

behavioral2

discoveryevasionexploit

© 2018-2024

Terms | Privacy