dab27d0b2235f29d526d4b12ba3c45141e944b621dec0da18fca9ad9475a2e7d | Triage

Submit
Reports

Overview

overview

Static

static

dab27d0b22...7d.exe

windows7-x64

dab27d0b22...7d.exe

windows10-2004-x64

Sharing

General

Target

dab27d0b2235f29d526d4b12ba3c45141e944b621dec0da18fca9ad9475a2e7d
Size

44KB
Sample

221029-sykd9sdcbl
MD5

e9d903adcf464c84e848dfd99b91b42d
SHA1

4752766f41027a781ecc0c1269561a092aab4962
SHA256

dab27d0b2235f29d526d4b12ba3c45141e944b621dec0da18fca9ad9475a2e7d
SHA512

c7e8704ee3f91b54c07a6475ac72ccb67fd5cd3b493b874ad25bbfac11cfd52ab198f96838c1a8c52b0b25160928b5375f8be1569b228d50929e13acb495a9ba
SSDEEP

768:UhwP3FyDD3jNBc6oMNcm1V6QGduH4jzokETPcbsvwnol9D88888888888JXT:0wP1yDDzzc6oMN31kUH4j8kETaVoIT

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

dab27d0b2235f29d526d4b12ba3c45141e944b621dec0da18fca9ad9475a2e7d.exe

Resource

win7-20220901-en

evasion persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

dab27d0b2235f29d526d4b12ba3c45141e944b621dec0da18fca9ad9475a2e7d.exe

Resource

win10v2004-20220812-en

evasion persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  dab27d0b2235f29d526d4b12ba3c45141e944b621dec0da18fca9ad9475a2e7d
- Size
  
  44KB
- MD5
  
  e9d903adcf464c84e848dfd99b91b42d
- SHA1
  
  4752766f41027a781ecc0c1269561a092aab4962
- SHA256
  
  dab27d0b2235f29d526d4b12ba3c45141e944b621dec0da18fca9ad9475a2e7d
- SHA512
  
  c7e8704ee3f91b54c07a6475ac72ccb67fd5cd3b493b874ad25bbfac11cfd52ab198f96838c1a8c52b0b25160928b5375f8be1569b228d50929e13acb495a9ba
- SSDEEP
  
  768:UhwP3FyDD3jNBc6oMNcm1V6QGduH4jzokETPcbsvwnol9D88888888888JXT:0wP1yDDzzc6oMN31kUH4j8kETaVoIT
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy