912edd672020625d1037af9f02c39d5f38fb1f671a1a6466277287a246102b8b | Triage

Submit
Reports

Overview

overview

8

Static

static

912edd6720...8b.exe

windows7-x64

8

912edd6720...8b.exe

windows10-2004-x64

8

Sharing

General

Target

912edd672020625d1037af9f02c39d5f38fb1f671a1a6466277287a246102b8b
Size

1.7MB
Sample

221123-l26ncagc4y
MD5

8108ac9dca3e253a997b8fe17af25ae7
SHA1

09aaf4c9f9df68f270adf3eab5df3724d1222c74
SHA256

912edd672020625d1037af9f02c39d5f38fb1f671a1a6466277287a246102b8b
SHA512

5d562f0a1a2ece7592fd1c3f285e657aef30b0016d6de287210deb1e99053d5da573a0f2a19b9a9ae40050b925329533c82fd2d9feae70d3bc96713d8b9ba4b7
SSDEEP

49152:AUiwcIrayhV0A4d88w/iTxoMKNlvEGM7K8tESxEAsx7PPZgJ:AUiw14dTw/iT2MKNlvEj7/tESexrPiJ

Score

8^/10

Static task

static1

Behavioral task

behavioral1

Sample

912edd672020625d1037af9f02c39d5f38fb1f671a1a6466277287a246102b8b.exe

Resource

win7-20220812-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

912edd672020625d1037af9f02c39d5f38fb1f671a1a6466277287a246102b8b.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  912edd672020625d1037af9f02c39d5f38fb1f671a1a6466277287a246102b8b
- Size
  
  1.7MB
- MD5
  
  8108ac9dca3e253a997b8fe17af25ae7
- SHA1
  
  09aaf4c9f9df68f270adf3eab5df3724d1222c74
- SHA256
  
  912edd672020625d1037af9f02c39d5f38fb1f671a1a6466277287a246102b8b
- SHA512
  
  5d562f0a1a2ece7592fd1c3f285e657aef30b0016d6de287210deb1e99053d5da573a0f2a19b9a9ae40050b925329533c82fd2d9feae70d3bc96713d8b9ba4b7
- SSDEEP
  
  49152:AUiwcIrayhV0A4d88w/iTxoMKNlvEGM7K8tESxEAsx7PPZgJ:AUiw14dTw/iT2MKNlvEj7/tESexrPiJ
Score

8^/10
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy