a39ac30c3cac43d02e7c98e281176533ff69901e0960e258e95eba9b7f74050f | Triage

Submit
Reports

Overview

overview

Static

static

5

a39ac30c3c...0f.exe

windows7-x64

a39ac30c3c...0f.exe

windows10-2004-x64

Sharing

General

Target

a39ac30c3cac43d02e7c98e281176533ff69901e0960e258e95eba9b7f74050f
Size

763KB
Sample

221127-cdjdgabg43
MD5

29450941fc49b5d7ae5f5cd2187e3e7e
SHA1

24dc493f52acffdcd896cf66ccccd6041d97d099
SHA256

a39ac30c3cac43d02e7c98e281176533ff69901e0960e258e95eba9b7f74050f
SHA512

448a6eb6c1079184f60369c8fd4fda5452ee7cb54f33b93f023fefebd801dd16ef0907389e9bafcc5026ad87b386f958731654afe5c83645e16341b0f052f9b8
SSDEEP

12288:P6SKqT31T6WpJY6V765jKqostkm3ObvHVyKrCqDfUrt12F+z3xrKjH:CxqT31T6WE6I5jKqosOm+bfs0CqiDyeu

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a39ac30c3cac43d02e7c98e281176533ff69901e0960e258e95eba9b7f74050f.exe

Resource

win7-20221111-en

evasion persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

a39ac30c3cac43d02e7c98e281176533ff69901e0960e258e95eba9b7f74050f.exe

Resource

win10v2004-20220901-en

evasion persistence

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  a39ac30c3cac43d02e7c98e281176533ff69901e0960e258e95eba9b7f74050f
- Size
  
  763KB
- MD5
  
  29450941fc49b5d7ae5f5cd2187e3e7e
- SHA1
  
  24dc493f52acffdcd896cf66ccccd6041d97d099
- SHA256
  
  a39ac30c3cac43d02e7c98e281176533ff69901e0960e258e95eba9b7f74050f
- SHA512
  
  448a6eb6c1079184f60369c8fd4fda5452ee7cb54f33b93f023fefebd801dd16ef0907389e9bafcc5026ad87b386f958731654afe5c83645e16341b0f052f9b8
- SSDEEP
  
  12288:P6SKqT31T6WpJY6V765jKqostkm3ObvHVyKrCqDfUrt12F+z3xrKjH:CxqT31T6WE6I5jKqosOm+bfs0CqiDyeu
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy