1cf3e4500025dea0c9a35aa1b5742217adcfabb20177b35fc60b29539958af11 | Triage

Sharing

General

Target

1cf3e4500025dea0c9a35aa1b5742217adcfabb20177b35fc60b29539958af11
Size

670KB
Sample

221124-n6rq4acc26
MD5

f9087aa7a91ee560c9d2eb6b9d3c221b
SHA1

6847894de63800b09163516158a6a92ba2791f1c
SHA256

1cf3e4500025dea0c9a35aa1b5742217adcfabb20177b35fc60b29539958af11
SHA512

03d0de9b9a8a99f0de6fea4c79e6df09858f3e6fb7efa9ea01ce1b14ab6f4b6114da3a8e867db8f30398396a561ac3b0097f5571c70d38c661c79ba55a046722
SSDEEP

12288:UvnaxxuYYcVSqgOjtNv9AyTHWbdkWe3neQvQzvbqs+byelqLzzKFKZrE:MSxuYYKzgcNFAyTH3b3eqs+melqLzuFt

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  PO_630436_Gaertner_Fedi_AG_Gen._Co.doc.exe
- Size
  
  784KB
- MD5
  
  727cf9b0b43fc9b2c847af74fad5f448
- SHA1
  
  d2818dc169481d3d462d726c7feacfd8e14c72f8
- SHA256
  
  e8505098fc9bee082979749c19e7c49503b50747f11268513f38449af4b63f28
- SHA512
  
  017dbe3658d802394d95461cfd7eadeb4ee1bbf23a799c6739f7815e34d29a6b590073f4c214f082497c51230c66d1abb9a970057d2a50cda2c0f27b0a3e7e75
- SSDEEP
  
  12288:Jat0EAH49n8BYPixahL7jHbvbAyTRylz6e3nowvQ1vbes+Ly8lqLzXKFmq9LL/:4t24dnbzAyTRen3mes+W8lqLzaFmqF
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2