7112a63900deba925fca273de203be9555acbfe4074f8f618d9b2144db8d3170 | Triage

Sharing

General

Target

7112a63900deba925fca273de203be9555acbfe4074f8f618d9b2144db8d3170
Size

60KB
Sample

221001-3jqylsdcej
MD5

52aa50b65dc1945810ad85fe5b6d9def
SHA1

4acfc60501c028149ca2ff07e9ace3c69c205b0a
SHA256

7112a63900deba925fca273de203be9555acbfe4074f8f618d9b2144db8d3170
SHA512

b02cb0b33747f893ce81f7d7b7d475759b182b2356feb1680b3ea9d8147c936eb2375034ae556d5da2220f8284b2ee632c865faf6ba249c11ac58a4c98ad6256
SSDEEP

1536:PQDzb+9Z4YrbuPfrqc80CXI5uQ5cd7+LX0+X+saESQk1H8D:YviL7X0Tqc8ZXI3uFWXpnalBH6

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  7112a63900deba925fca273de203be9555acbfe4074f8f618d9b2144db8d3170
- Size
  
  60KB
- MD5
  
  52aa50b65dc1945810ad85fe5b6d9def
- SHA1
  
  4acfc60501c028149ca2ff07e9ace3c69c205b0a
- SHA256
  
  7112a63900deba925fca273de203be9555acbfe4074f8f618d9b2144db8d3170
- SHA512
  
  b02cb0b33747f893ce81f7d7b7d475759b182b2356feb1680b3ea9d8147c936eb2375034ae556d5da2220f8284b2ee632c865faf6ba249c11ac58a4c98ad6256
- SSDEEP
  
  1536:PQDzb+9Z4YrbuPfrqc80CXI5uQ5cd7+LX0+X+saESQk1H8D:YviL7X0Tqc8ZXI3uFWXpnalBH6
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2