d2f5495bc7f3f0d5c8adb387618af1cf621ab8d00f9877946b4b1c15adb7b1be | Triage

Submit
Reports

Overview

overview

Static

static

d2f5495bc7...be.exe

windows7-x64

d2f5495bc7...be.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

d2f5495bc7f3f0d5c8adb387618af1cf621ab8d00f9877946b4b1c15adb7b1be
Size

45KB
Sample

221126-cr1vnsed54
MD5

e5160ef5c137e7f3e6236d802c7eb3fa
SHA1

4239bdb88b1159c693994b21e62390dc8ac5551f
SHA256

d2f5495bc7f3f0d5c8adb387618af1cf621ab8d00f9877946b4b1c15adb7b1be
SHA512

9dec9a945477facfa495133086001c0392c8c5b3b909cc12f36aadb3aed45f2cf79d735527a152ac78b94f4e74d705a2a2bee5a4a0e266b2cf50ad983e0d3549
SSDEEP

768:E1AuwHyeFo6NPIFAoslbf8eRYLGXdoIFbb5omuKWcbsvwnoT9D88888888888JX1:EOxyeFo6NPCAosxYyXdF5oy3VoK1

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

d2f5495bc7f3f0d5c8adb387618af1cf621ab8d00f9877946b4b1c15adb7b1be.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

d2f5495bc7f3f0d5c8adb387618af1cf621ab8d00f9877946b4b1c15adb7b1be.exe

Resource

win10v2004-20220812-en

evasion persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  d2f5495bc7f3f0d5c8adb387618af1cf621ab8d00f9877946b4b1c15adb7b1be
- Size
  
  45KB
- MD5
  
  e5160ef5c137e7f3e6236d802c7eb3fa
- SHA1
  
  4239bdb88b1159c693994b21e62390dc8ac5551f
- SHA256
  
  d2f5495bc7f3f0d5c8adb387618af1cf621ab8d00f9877946b4b1c15adb7b1be
- SHA512
  
  9dec9a945477facfa495133086001c0392c8c5b3b909cc12f36aadb3aed45f2cf79d735527a152ac78b94f4e74d705a2a2bee5a4a0e266b2cf50ad983e0d3549
- SSDEEP
  
  768:E1AuwHyeFo6NPIFAoslbf8eRYLGXdoIFbb5omuKWcbsvwnoT9D88888888888JX1:EOxyeFo6NPCAosxYyXdF5oy3VoK1
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy