a29223d6d22ebbfc9ff68bc41af05b3509843a390b1e3f1a883b829f4007e1b5 | Triage

Submit
Reports

Overview

overview

8

Static

static

a29223d6d2...b5.exe

windows7-x64

8

a29223d6d2...b5.exe

windows10-2004-x64

8

Sharing

General

Target

a29223d6d22ebbfc9ff68bc41af05b3509843a390b1e3f1a883b829f4007e1b5
Size

102KB
Sample

221203-tsv49aaf31
MD5

a7591dfb57df7926c9e081bc71b79b6a
SHA1

0d294dfc85b2fff024743da49d54926d6340392a
SHA256

a29223d6d22ebbfc9ff68bc41af05b3509843a390b1e3f1a883b829f4007e1b5
SHA512

37f26ec7dd00154ac0f8bb28fef9eae506867debc0ec401693e5e304e4b0679c5f6f4216a36e953b854e25d3cac361968c7d5da038bb85f67fff1729dd74cfc4
SSDEEP

1536:MIm5q1G27NKjwO5rF1EhByNLjXXXXXXHP2HmAXwVlQJHCBiIthuDf:zm+Kjwyr3EByNHYmAXwMiU+m

Score

8^/10

discovery exploit

Static task

static1

Behavioral task

behavioral1

Sample

a29223d6d22ebbfc9ff68bc41af05b3509843a390b1e3f1a883b829f4007e1b5.exe

Resource

win7-20220812-en

discovery exploit

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a29223d6d22ebbfc9ff68bc41af05b3509843a390b1e3f1a883b829f4007e1b5.exe

Resource

win10v2004-20221111-en

discovery exploit

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  a29223d6d22ebbfc9ff68bc41af05b3509843a390b1e3f1a883b829f4007e1b5
- Size
  
  102KB
- MD5
  
  a7591dfb57df7926c9e081bc71b79b6a
- SHA1
  
  0d294dfc85b2fff024743da49d54926d6340392a
- SHA256
  
  a29223d6d22ebbfc9ff68bc41af05b3509843a390b1e3f1a883b829f4007e1b5
- SHA512
  
  37f26ec7dd00154ac0f8bb28fef9eae506867debc0ec401693e5e304e4b0679c5f6f4216a36e953b854e25d3cac361968c7d5da038bb85f67fff1729dd74cfc4
- SSDEEP
  
  1536:MIm5q1G27NKjwO5rF1EhByNLjXXXXXXHP2HmAXwVlQJHCBiIthuDf:zm+Kjwyr3EByNHYmAXwMiU+m
Score

8^/10

discovery exploit
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploit

behavioral2

discoveryexploit

© 2018-2024

Terms | Privacy