74baf1c40d6ccbdb43fb0da5ccd00b7c3ca11698117577da0ba3e2c5d015af1b | Triage

Submit
Reports

Overview

overview

8

Static

static

74baf1c40d...1b.exe

windows7-x64

8

74baf1c40d...1b.exe

windows10-2004-x64

8

Sharing

General

Target

74baf1c40d6ccbdb43fb0da5ccd00b7c3ca11698117577da0ba3e2c5d015af1b
Size

20KB
Sample

221011-r6hd7sadd6
MD5

6741cb540e2f76726ad89c77bdeecfe0
SHA1

0e89a7a37c349a1f2f26f3240b30d2bde24b3954
SHA256

74baf1c40d6ccbdb43fb0da5ccd00b7c3ca11698117577da0ba3e2c5d015af1b
SHA512

813b9dc051a8105e526562789d95e8cf493426977bd5f4fc0146351075198be24c3d68debea39a444df67430f5963a0de374fdf7883fec9b25f39085dbfd3cdd
SSDEEP

192:1l5E3krTuntKy0peHDfCpHfBv+I4QwXt9V+jqu0G5KDJB8S:1M3PnQoHDCpHf4I4Qwdc0G5KDJ+S

Score

8^/10

Static task

static1

Behavioral task

behavioral1

Sample

74baf1c40d6ccbdb43fb0da5ccd00b7c3ca11698117577da0ba3e2c5d015af1b.exe

Resource

win7-20220812-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

74baf1c40d6ccbdb43fb0da5ccd00b7c3ca11698117577da0ba3e2c5d015af1b.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  74baf1c40d6ccbdb43fb0da5ccd00b7c3ca11698117577da0ba3e2c5d015af1b
- Size
  
  20KB
- MD5
  
  6741cb540e2f76726ad89c77bdeecfe0
- SHA1
  
  0e89a7a37c349a1f2f26f3240b30d2bde24b3954
- SHA256
  
  74baf1c40d6ccbdb43fb0da5ccd00b7c3ca11698117577da0ba3e2c5d015af1b
- SHA512
  
  813b9dc051a8105e526562789d95e8cf493426977bd5f4fc0146351075198be24c3d68debea39a444df67430f5963a0de374fdf7883fec9b25f39085dbfd3cdd
- SSDEEP
  
  192:1l5E3krTuntKy0peHDfCpHfBv+I4QwXt9V+jqu0G5KDJB8S:1M3PnQoHDCpHf4I4Qwdc0G5KDJ+S
Score

8^/10
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy