3f3307a94076116299711a4913ac8a1309fac6b4254832f367258e283cfd260b | Triage

Submit
Reports

Overview

overview

Static

static

3f3307a940...0b.exe

windows7-x64

3f3307a940...0b.exe

windows10-2004-x64

Sharing

General

Target

3f3307a94076116299711a4913ac8a1309fac6b4254832f367258e283cfd260b
Size

730KB
Sample

221125-jwjwaaga51
MD5

b849888deba833c47e824cd25adb39d6
SHA1

be8c12fb9a3fc59bb98113d5e1491c449a702a3a
SHA256

3f3307a94076116299711a4913ac8a1309fac6b4254832f367258e283cfd260b
SHA512

f9d33e634fe89b286aaeefc3d424ebbcea74e74d328afca9dc99a7eb0f88880c4802eb66fe76e6c9d88db26b79390bfab35ef5d4d903112206a46bb861bfa75c
SSDEEP

12288:fH16hjKvCGe81mt5zgKGORvpeTMrq1b0hcZza+bx3yrqupt5Ye4i:/16QvC/tyiRv3Wu0x3y+atWe4i

Score

10^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

3f3307a94076116299711a4913ac8a1309fac6b4254832f367258e283cfd260b.exe

Resource

win7-20220901-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

3f3307a94076116299711a4913ac8a1309fac6b4254832f367258e283cfd260b.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  3f3307a94076116299711a4913ac8a1309fac6b4254832f367258e283cfd260b
- Size
  
  730KB
- MD5
  
  b849888deba833c47e824cd25adb39d6
- SHA1
  
  be8c12fb9a3fc59bb98113d5e1491c449a702a3a
- SHA256
  
  3f3307a94076116299711a4913ac8a1309fac6b4254832f367258e283cfd260b
- SHA512
  
  f9d33e634fe89b286aaeefc3d424ebbcea74e74d328afca9dc99a7eb0f88880c4802eb66fe76e6c9d88db26b79390bfab35ef5d4d903112206a46bb861bfa75c
- SSDEEP
  
  12288:fH16hjKvCGe81mt5zgKGORvpeTMrq1b0hcZza+bx3yrqupt5Ye4i:/16QvC/tyiRv3Wu0x3y+atWe4i
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy