General

  • Target

    document8765.exe

  • Size

    4.7MB

  • Sample

    221019-wfsjpsaed5

  • MD5

    b2a0b09874ba025e4909c76f3fc0fb70

  • SHA1

    80c75997f2582afdbc550f5256c13ff1424aab81

  • SHA256

    e1d1b39589002db4260dad9f4567cbb5a07803ca1fe7a17f1ca7f9bd1f035827

  • SHA512

    1bb29068e3c8f8547e719a951820790521215a2b057cffd9ba73fdfd8537c065151d64fa49bcdf25ba9671952b1b51bb05c8a94fef6c131bb834ff6a030e8194

  • SSDEEP

    98304:uFj6+6efPlwcw/lXvcbCOwEY/Gf4IPB3YwP:vefPzMlX+wjQP

Score
8/10

Targets

    • Executes dropped EXE

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
