d3bc247d2da65f98490b7ce030a73d3ffbbc928b829759eff0be51ea8f96b0ba | Triage

Submit
Reports

Overview

overview

8

Static

static

d3bc247d2d...ba.exe

windows7-x64

8

d3bc247d2d...ba.exe

windows10-2004-x64

8

Sharing

General

Target

d3bc247d2da65f98490b7ce030a73d3ffbbc928b829759eff0be51ea8f96b0ba
Size

216KB
Sample

221123-s8jkqadc76
MD5

66403f9cbaa86bcf3ed3d9542efcd20c
SHA1

56efb7e03fc2d85940ae5d0d76c39d53e0f73ab2
SHA256

d3bc247d2da65f98490b7ce030a73d3ffbbc928b829759eff0be51ea8f96b0ba
SHA512

882d2f790aee8c7eaaaf4839d7b71bb924e4beb9d01c68134b76aab39f394446365b7100682700d70e46fdc188a3df3e64fbff2bb4852780ba8437bc71ae3451
SSDEEP

3072:xbZmtWciPCCENhg7jkfIGc7Ikeap0hhIJxzZ5URAeV4jsgyE+MBJkQ6:xbZm2OTKwQG6XbygxzARFqXkuY

Score

8^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

d3bc247d2da65f98490b7ce030a73d3ffbbc928b829759eff0be51ea8f96b0ba.exe

Resource

win7-20220901-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3bc247d2da65f98490b7ce030a73d3ffbbc928b829759eff0be51ea8f96b0ba.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  d3bc247d2da65f98490b7ce030a73d3ffbbc928b829759eff0be51ea8f96b0ba
- Size
  
  216KB
- MD5
  
  66403f9cbaa86bcf3ed3d9542efcd20c
- SHA1
  
  56efb7e03fc2d85940ae5d0d76c39d53e0f73ab2
- SHA256
  
  d3bc247d2da65f98490b7ce030a73d3ffbbc928b829759eff0be51ea8f96b0ba
- SHA512
  
  882d2f790aee8c7eaaaf4839d7b71bb924e4beb9d01c68134b76aab39f394446365b7100682700d70e46fdc188a3df3e64fbff2bb4852780ba8437bc71ae3451
- SSDEEP
  
  3072:xbZmtWciPCCENhg7jkfIGc7Ikeap0hhIJxzZ5URAeV4jsgyE+MBJkQ6:xbZm2OTKwQG6XbygxzARFqXkuY
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy