General

  • Target

    09a7132abc47c8485e40d12dc6db84b3.exe

  • Size

    207KB

  • Sample

    221221-g2lwqaeh3w

  • MD5

    09a7132abc47c8485e40d12dc6db84b3

  • SHA1

    3220a68704773ca2a6549c7968945e3a774553b3

  • SHA256

    aa03d4ff799f30857eaf1231d83957bffa98779d2556bf6aedeb540febd02cbb

  • SHA512

    e446d4c6a53ed3e677cea110b2f333e8f56fcc595856e1230c32c08e06ac4cb260d3d35b092ff44c543f7e8ce61ae9cb5679cf9ad9cf6e37cf2f49ffd79b7c89

  • SSDEEP

    6144:Izpmv1TcF/p/uwONct43Ep/uwONct43T92USK:ymS9pGHNu4UpGHNu4R2USK

Score
10/10

Malware Config

Targets

    • Target

      09a7132abc47c8485e40d12dc6db84b3.exe

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks