c3f5040d96ee461e4a54af12e772f7d4d85cf6562a61651f7e1c2add2ee7c5d6 | Triage

Submit
Reports

Overview

overview

7

Static

static

c3f5040d96...d6.exe

windows7-x64

7

c3f5040d96...d6.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

c3f5040d96ee461e4a54af12e772f7d4d85cf6562a61651f7e1c2add2ee7c5d6
Size

169KB
Sample

221002-ph9gnsefh3
MD5

49f9b7ba4287e263661fe65307cd4440
SHA1

63e0250d101baf78ffe23564bfbe81dc509dbaa8
SHA256

c3f5040d96ee461e4a54af12e772f7d4d85cf6562a61651f7e1c2add2ee7c5d6
SHA512

2cd8c85f8065c306da782befad237c828977f464086d50e95f25e9325d8f562e00a58dcf0adc117d20fbd5ae201bfae9707919d9dd469fb02822b4f44c75d09c
SSDEEP

3072:ZBmH2vJOFECqXlDdumXRWiZtgB+Ld+Ky2DEkCNGd5s4:ZS2vD1DduGZtb+a5h

Score

7^/10

Static task

static1

Behavioral task

behavioral1

Sample

c3f5040d96ee461e4a54af12e772f7d4d85cf6562a61651f7e1c2add2ee7c5d6.exe

Resource

win7-20220812-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c3f5040d96ee461e4a54af12e772f7d4d85cf6562a61651f7e1c2add2ee7c5d6.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  c3f5040d96ee461e4a54af12e772f7d4d85cf6562a61651f7e1c2add2ee7c5d6
- Size
  
  169KB
- MD5
  
  49f9b7ba4287e263661fe65307cd4440
- SHA1
  
  63e0250d101baf78ffe23564bfbe81dc509dbaa8
- SHA256
  
  c3f5040d96ee461e4a54af12e772f7d4d85cf6562a61651f7e1c2add2ee7c5d6
- SHA512
  
  2cd8c85f8065c306da782befad237c828977f464086d50e95f25e9325d8f562e00a58dcf0adc117d20fbd5ae201bfae9707919d9dd469fb02822b4f44c75d09c
- SSDEEP
  
  3072:ZBmH2vJOFECqXlDdumXRWiZtgB+Ld+Ky2DEkCNGd5s4:ZS2vD1DduGZtb+a5h
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy