Overview

overview

8

Static

static

344249e852...9f.exe

windows7-x64

8

344249e852...9f.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    344249e852ae3b450927291922e5d2561c36fa5b100abd5e7e0783d6fc5db19f

  • Size

    457KB

  • Sample

    221206-c3fc4shb65

  • MD5

    6fa26bc6676835cce3fcf6de88176939

  • SHA1

    1c0de553a2594a623a619f8afe00dd769b85d087

  • SHA256

    344249e852ae3b450927291922e5d2561c36fa5b100abd5e7e0783d6fc5db19f

  • SHA512

    d11d2ccd6bd8dbfa6d6e74f019d1d98e30bd29f4a2aba0322556ae7268c4dc0cf4b2f3de69694550f58704d6156f0cfc2087bd9043599b353a052f5b42abfd4f

  • SSDEEP

    6144:Jh6zQGkqO94lxnbBRk6el/NjZZYCUqG6qMluExPEQODsy/gvOvJ9Ji1Mxw9cXZE:iXkj4b9R3y/Y3NEeQOQycYw1EpE

Score
8/10
microsoftpersistencephishing

Malware Config

Targets

    • Target

      344249e852ae3b450927291922e5d2561c36fa5b100abd5e7e0783d6fc5db19f

    • Size

      457KB

    • MD5

      6fa26bc6676835cce3fcf6de88176939

    • SHA1

      1c0de553a2594a623a619f8afe00dd769b85d087

    • SHA256

      344249e852ae3b450927291922e5d2561c36fa5b100abd5e7e0783d6fc5db19f

    • SHA512

      d11d2ccd6bd8dbfa6d6e74f019d1d98e30bd29f4a2aba0322556ae7268c4dc0cf4b2f3de69694550f58704d6156f0cfc2087bd9043599b353a052f5b42abfd4f

    • SSDEEP

      6144:Jh6zQGkqO94lxnbBRk6el/NjZZYCUqG6qMluExPEQODsy/gvOvJ9Ji1Mxw9cXZE:iXkj4b9R3y/Y3NEeQOQycYw1EpE

    Score
    8/10
    microsoftpersistencephishing

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks