b61fd2f19db2f7cc3d5777019163ca47bcc27b10758f28f50063773936327a5c | Triage

Submit
Reports

Overview

overview

8

Static

static

b61fd2f19d...5c.exe

windows7-x64

8

b61fd2f19d...5c.exe

windows10-2004-x64

8

Sharing

General

Target

b61fd2f19db2f7cc3d5777019163ca47bcc27b10758f28f50063773936327a5c
Size

3.2MB
Sample

230111-xb94madg92
MD5

6b95ebd772001bd61094e609c7bfc4d3
SHA1

13798c62dae5e8f292cb8aee21e33b26ffa30d9e
SHA256

b61fd2f19db2f7cc3d5777019163ca47bcc27b10758f28f50063773936327a5c
SHA512

b855c5e02b8129d44cd2a4f8bc53906ab6b2bb9c586436fc3480d352ff4619fa21e86c85acc335ec85e65b325884b801cb5ad4c4b690b24f83e31322a80f204c
SSDEEP

98304:0uWbym4gQK66iRj4hxyb16aUvbPaRj1f2axnTCW8yM2a:eLL98Uxy56aUvLaRxf2aNuyM2a

Score

8^/10

discovery exploit

Static task

static1

Behavioral task

behavioral1

Sample

b61fd2f19db2f7cc3d5777019163ca47bcc27b10758f28f50063773936327a5c.exe

Resource

win7-20221111-en

discovery exploit

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b61fd2f19db2f7cc3d5777019163ca47bcc27b10758f28f50063773936327a5c.exe

Resource

win10v2004-20220812-en

discovery exploit

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  b61fd2f19db2f7cc3d5777019163ca47bcc27b10758f28f50063773936327a5c
- Size
  
  3.2MB
- MD5
  
  6b95ebd772001bd61094e609c7bfc4d3
- SHA1
  
  13798c62dae5e8f292cb8aee21e33b26ffa30d9e
- SHA256
  
  b61fd2f19db2f7cc3d5777019163ca47bcc27b10758f28f50063773936327a5c
- SHA512
  
  b855c5e02b8129d44cd2a4f8bc53906ab6b2bb9c586436fc3480d352ff4619fa21e86c85acc335ec85e65b325884b801cb5ad4c4b690b24f83e31322a80f204c
- SSDEEP
  
  98304:0uWbym4gQK66iRj4hxyb16aUvbPaRj1f2axnTCW8yM2a:eLL98Uxy56aUvLaRxf2aNuyM2a
Score

8^/10

discovery exploit
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploit

behavioral2

discoveryexploit

© 2018-2024

Terms | Privacy