d2240214cc306ac4b5d90cc46025276a904ceec674a5122128cf5910873a9e27 | Triage

Submit
Reports

Overview

overview

Static

static

d2240214cc...27.exe

windows7-x64

d2240214cc...27.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

d2240214cc306ac4b5d90cc46025276a904ceec674a5122128cf5910873a9e27
Size

207KB
Sample

221202-3a44wadg42
MD5

e73fed1d54a657a7704569f50bc3c09d
SHA1

d63e6c0b3d1d634aa400f462fc1d8681adc09d07
SHA256

d2240214cc306ac4b5d90cc46025276a904ceec674a5122128cf5910873a9e27
SHA512

84c2427c857dd3cfc7a68c73c443810e3a34438bfecf4eb897c542cef5a43dc3faa72dc73714e2eb31d72f33526a24089122b1c60bd7176761e7c4f4d741a3aa
SSDEEP

3072:obpDCw1p3vmLvsZIaVwiwDcIbDHDCm/DER4eQS+2NS55w:gDCwfG1bnxLERRL+2v

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

d2240214cc306ac4b5d90cc46025276a904ceec674a5122128cf5910873a9e27.exe

Resource

win7-20221111-en

evasion persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

d2240214cc306ac4b5d90cc46025276a904ceec674a5122128cf5910873a9e27.exe

Resource

win10v2004-20221111-en

evasion persistence

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  d2240214cc306ac4b5d90cc46025276a904ceec674a5122128cf5910873a9e27
- Size
  
  207KB
- MD5
  
  e73fed1d54a657a7704569f50bc3c09d
- SHA1
  
  d63e6c0b3d1d634aa400f462fc1d8681adc09d07
- SHA256
  
  d2240214cc306ac4b5d90cc46025276a904ceec674a5122128cf5910873a9e27
- SHA512
  
  84c2427c857dd3cfc7a68c73c443810e3a34438bfecf4eb897c542cef5a43dc3faa72dc73714e2eb31d72f33526a24089122b1c60bd7176761e7c4f4d741a3aa
- SSDEEP
  
  3072:obpDCw1p3vmLvsZIaVwiwDcIbDHDCm/DER4eQS+2NS55w:gDCwfG1bnxLERRL+2v
Score

10^/10

evasion persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy