d68cd5ea11f4b0cf0ce1594cb8c54d147a799edad553832345e9a70befe55f72 | Triage

Submit
Reports

Overview

overview

Static

static

d68cd5ea11...72.exe

windows7-x64

d68cd5ea11...72.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

d68cd5ea11f4b0cf0ce1594cb8c54d147a799edad553832345e9a70befe55f72
Size

308KB
Sample

221107-c786zsdeg7
MD5

0c6f34c19c98574c9bfb974c73d5b59d
SHA1

5d79c6058231c466fa92c9b8aa7ef68430b3f929
SHA256

d68cd5ea11f4b0cf0ce1594cb8c54d147a799edad553832345e9a70befe55f72
SHA512

5b07e6f0879b7a3f1a560a1bb09ae2dfdd47d4a91cd12b15ee847e8103b16c94de60a8d90c141ac7cbb4791eb47e05a0fc1674f07a521322385c3dbc192a688e
SSDEEP

6144:kh3rzMYXh+02d1r5ZTYnQbc0rF6tANv4hituxp38u0/:urgQmd195KQ40oANv4h8u/8l

Score

10^/10

evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

d68cd5ea11f4b0cf0ce1594cb8c54d147a799edad553832345e9a70befe55f72.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

d68cd5ea11f4b0cf0ce1594cb8c54d147a799edad553832345e9a70befe55f72.exe

Resource

win10v2004-20220812-en

evasion persistence trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  d68cd5ea11f4b0cf0ce1594cb8c54d147a799edad553832345e9a70befe55f72
- Size
  
  308KB
- MD5
  
  0c6f34c19c98574c9bfb974c73d5b59d
- SHA1
  
  5d79c6058231c466fa92c9b8aa7ef68430b3f929
- SHA256
  
  d68cd5ea11f4b0cf0ce1594cb8c54d147a799edad553832345e9a70befe55f72
- SHA512
  
  5b07e6f0879b7a3f1a560a1bb09ae2dfdd47d4a91cd12b15ee847e8103b16c94de60a8d90c141ac7cbb4791eb47e05a0fc1674f07a521322385c3dbc192a688e
- SSDEEP
  
  6144:kh3rzMYXh+02d1r5ZTYnQbc0rF6tANv4hituxp38u0/:urgQmd195KQ40oANv4h8u/8l
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan

© 2018-2025

Terms | Privacy