704ed81fef1e76466aefc2345793d7ee7123411c5b51b702a9e5ffb582595c6a | Triage

Submit
Reports

Overview

overview

Static

static

704ed81fef...6a.exe

windows7-x64

704ed81fef...6a.exe

windows10-2004-x64

Sharing

General

Target

704ed81fef1e76466aefc2345793d7ee7123411c5b51b702a9e5ffb582595c6a
Size

320KB
Sample

221129-t4xgfsfc54
MD5

e3ac19cdbcc42b240148d8b91594244a
SHA1

1249ee516c74cc71771e27ac1e3f02d722fb1112
SHA256

704ed81fef1e76466aefc2345793d7ee7123411c5b51b702a9e5ffb582595c6a
SHA512

b2cf2461fb8b323aefdfec609888277d8a92a75837abf641ed4f7725d5e09157bc6ec24268d202753a9949176b7720bbf53630a10a06f33cc2aac56380497da2
SSDEEP

6144:rTwEo1IV3puaibGKFHi0mofhaH05kipz016580bHFMdkhq86JQPDHDdx/QtqR:fCgvmzFHi0mo5aH0qMzd5807F7qPJQPx

Score

10^/10

evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

704ed81fef1e76466aefc2345793d7ee7123411c5b51b702a9e5ffb582595c6a.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

704ed81fef1e76466aefc2345793d7ee7123411c5b51b702a9e5ffb582595c6a.exe

Resource

win10v2004-20221111-en

evasion persistence trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  704ed81fef1e76466aefc2345793d7ee7123411c5b51b702a9e5ffb582595c6a
- Size
  
  320KB
- MD5
  
  e3ac19cdbcc42b240148d8b91594244a
- SHA1
  
  1249ee516c74cc71771e27ac1e3f02d722fb1112
- SHA256
  
  704ed81fef1e76466aefc2345793d7ee7123411c5b51b702a9e5ffb582595c6a
- SHA512
  
  b2cf2461fb8b323aefdfec609888277d8a92a75837abf641ed4f7725d5e09157bc6ec24268d202753a9949176b7720bbf53630a10a06f33cc2aac56380497da2
- SSDEEP
  
  6144:rTwEo1IV3puaibGKFHi0mofhaH05kipz016580bHFMdkhq86JQPDHDdx/QtqR:fCgvmzFHi0mo5aH0qMzd5807F7qPJQPx
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan

© 2018-2025

Terms | Privacy