d32cff978cc7ecf29aa9f32a723128767a507911784962cb8c9bdba2398bc010 | Triage

Submit
Reports

Overview

overview

8

Static

static

d32cff978c...10.exe

windows7-x64

8

d32cff978c...10.exe

windows10-2004-x64

8

Sharing

General

Target

d32cff978cc7ecf29aa9f32a723128767a507911784962cb8c9bdba2398bc010
Size

3.4MB
Sample

221125-2lb2ssfb31
MD5

906b868998d02215179bf797ac3a3937
SHA1

491ba0ae984200c336395d59b9e13ec856d7c506
SHA256

d32cff978cc7ecf29aa9f32a723128767a507911784962cb8c9bdba2398bc010
SHA512

b2757cd136b431e5f76bd920947b95227f79ad00a6a76d85ee82a2ebb0e95059ce617b5c415c37862f54dc960668ebe62cb79e4ee66255951032680e86b6fcf0
SSDEEP

98304:x3yobVyq03fv0oKATM6A/7zf8iEFb1OL6PVgNZz8:tyey13EoXM68vHO5fPeNZw

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

d32cff978cc7ecf29aa9f32a723128767a507911784962cb8c9bdba2398bc010.exe

Resource

win7-20220812-en

discovery persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

d32cff978cc7ecf29aa9f32a723128767a507911784962cb8c9bdba2398bc010.exe

Resource

win10v2004-20220812-en

discovery persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  d32cff978cc7ecf29aa9f32a723128767a507911784962cb8c9bdba2398bc010
- Size
  
  3.4MB
- MD5
  
  906b868998d02215179bf797ac3a3937
- SHA1
  
  491ba0ae984200c336395d59b9e13ec856d7c506
- SHA256
  
  d32cff978cc7ecf29aa9f32a723128767a507911784962cb8c9bdba2398bc010
- SHA512
  
  b2757cd136b431e5f76bd920947b95227f79ad00a6a76d85ee82a2ebb0e95059ce617b5c415c37862f54dc960668ebe62cb79e4ee66255951032680e86b6fcf0
- SSDEEP
  
  98304:x3yobVyq03fv0oKATM6A/7zf8iEFb1OL6PVgNZz8:tyey13EoXM68vHO5fPeNZw
Score

8^/10

discovery persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

© 2018-2024

Terms | Privacy