8f179bd65c740d4f9832a90372e7d731e28ba4e3c8559187a05ec32c2559f9b7 | Triage

Submit
Reports

Overview

overview

8

Static

static

8f179bd65c...b7.exe

windows7-x64

8

8f179bd65c...b7.exe

windows10-2004-x64

8

Sharing

General

Target

8f179bd65c740d4f9832a90372e7d731e28ba4e3c8559187a05ec32c2559f9b7
Size

361KB
Sample

221123-qzda8sfc36
MD5

68294a8c41f6d87bab65899673f2012a
SHA1

6088baaba218e9fa1a8246913ac3b7b5b18a456f
SHA256

8f179bd65c740d4f9832a90372e7d731e28ba4e3c8559187a05ec32c2559f9b7
SHA512

5b4fe5d051b546c84c28affe24982cb0f97b0b5aa5eb6393e8c273a2eef5c44954a887b81a1c76785fc073d0b7ad4bb79535004a345aa33ad6be69e630a55762
SSDEEP

6144:aOtsZ0z0qiELrxCzc5dxlMsiC7sI31riG5DkzQWxuJXttry:aOO0zDVxngtSFikkz7xALy

Score

8^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

8f179bd65c740d4f9832a90372e7d731e28ba4e3c8559187a05ec32c2559f9b7.exe

Resource

win7-20221111-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

8f179bd65c740d4f9832a90372e7d731e28ba4e3c8559187a05ec32c2559f9b7.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  8f179bd65c740d4f9832a90372e7d731e28ba4e3c8559187a05ec32c2559f9b7
- Size
  
  361KB
- MD5
  
  68294a8c41f6d87bab65899673f2012a
- SHA1
  
  6088baaba218e9fa1a8246913ac3b7b5b18a456f
- SHA256
  
  8f179bd65c740d4f9832a90372e7d731e28ba4e3c8559187a05ec32c2559f9b7
- SHA512
  
  5b4fe5d051b546c84c28affe24982cb0f97b0b5aa5eb6393e8c273a2eef5c44954a887b81a1c76785fc073d0b7ad4bb79535004a345aa33ad6be69e630a55762
- SSDEEP
  
  6144:aOtsZ0z0qiELrxCzc5dxlMsiC7sI31riG5DkzQWxuJXttry:aOO0zDVxngtSFikkz7xALy
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy