e1d63956ed3d44aa0eb19c4964c1b84909fde1ab5e96d99812684ac9341f6100 | Triage

Sharing

General

Target

e1d63956ed3d44aa0eb19c4964c1b84909fde1ab5e96d99812684ac9341f6100
Size

1.4MB
Sample

221124-wkd7waaf65
MD5

71cf9e17f89c88d5e287017149e04af8
SHA1

a822a06b3efaea3a17bfb8d17e549f8a904bba2a
SHA256

e1d63956ed3d44aa0eb19c4964c1b84909fde1ab5e96d99812684ac9341f6100
SHA512

74e7f8af01a77716a0a6625ede3b0d8cac50c1f93f27eb146248c4d32737268fb26f3d7da0db6f9b5b5d5189f63b2007d94f80d61fc92b9b70dfe406c0fc0437
SSDEEP

24576:YDOdboF3zDAL08WR42XibVaUXWskvhSrC6DDNbswu6aJ2k:Jg3wzAl6XxkpODNbRah

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  e1d63956ed3d44aa0eb19c4964c1b84909fde1ab5e96d99812684ac9341f6100
- Size
  
  1.4MB
- MD5
  
  71cf9e17f89c88d5e287017149e04af8
- SHA1
  
  a822a06b3efaea3a17bfb8d17e549f8a904bba2a
- SHA256
  
  e1d63956ed3d44aa0eb19c4964c1b84909fde1ab5e96d99812684ac9341f6100
- SHA512
  
  74e7f8af01a77716a0a6625ede3b0d8cac50c1f93f27eb146248c4d32737268fb26f3d7da0db6f9b5b5d5189f63b2007d94f80d61fc92b9b70dfe406c0fc0437
- SSDEEP
  
  24576:YDOdboF3zDAL08WR42XibVaUXWskvhSrC6DDNbswu6aJ2k:Jg3wzAl6XxkpODNbRah
Score

8^/10

persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2