General

Target: tmp
Size: 4MB
Sample: 230119-fkxffscb5s
MD5: e2c876ff5b1f24b59d928e595234cdef
SHA1: 82d06b09b2a8c514929aab293242d4796d4ee39f
SHA256: e0622827883ae65735b2d662eb26e75aa70e1d90d5d37991a566a4ab9ff99244
SHA512: 9562c0eb5485578c25f741beb5cb8206b2b4c7037e9a3bfa553ff833280c6788f730808e6fa93c7100486cd7877a33adddf8225944779638d304d1a42c66d7fd
SSDEEP: 98304:ZXMmA6BgrvHq3uwG/9SopFAVrSkgAm2K2fklNvpJtpqCutXE:ZXb0TwmFzQ5PK2fklNvpJyCut
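The digest list above is what an analyst uses to confirm that a file pulled from a feed, a mail gateway or quarantine is the same sample this report describes. The following Python is an added example, not part of the sandbox report: it hashes a file in one streaming pass, compares the result against the report's digests, and parses the ssdeep string into its block size and the two chunk signatures so that two ssdeep values can be checked for comparability (ssdeep only scores signatures whose block sizes are equal or differ by exactly a factor of two). The `demo()` function writes a constructed three-byte stand-in file to a temporary path; it is not the report's sample, so it is expected to match the stand-in's well-known digests and to mismatch every digest in the report.

```python
import hashlib
import os
import tempfile

# Digests exactly as listed in the report's General section for the "tmp" sample.
REPORT_HASHES = {
    "md5": "e2c876ff5b1f24b59d928e595234cdef",
    "sha1": "82d06b09b2a8c514929aab293242d4796d4ee39f",
    "sha256": "e0622827883ae65735b2d662eb26e75aa70e1d90d5d37991a566a4ab9ff99244",
    "sha512": "9562c0eb5485578c25f741beb5cb8206b2b4c7037e9a3bfa553ff833280c6788"
              "f730808e6fa93c7100486cd7877a33adddf8225944779638d304d1a42c66d7fd",
}
REPORT_SSDEEP = "98304:ZXMmA6BgrvHq3uwG/9SopFAVrSkgAm2K2fklNvpJtpqCutXE:ZXb0TwmFzQ5PK2fklNvpJyCut"


def hash_file(path, algos=("md5", "sha1", "sha256", "sha512"), chunk_size=1 << 20):
    """Compute several digests of a file in a single pass, reading it in chunks so
    a large sample never has to be held in memory."""
    hashers = {name: hashlib.new(name) for name in algos}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(path, expected=REPORT_HASHES):
    """Return {algo: True/False} for every digest in `expected`.  A sample is
    confirmed only when all listed digests match; a mixed result means a digest
    was transcribed badly or the file on disk differs from the report's."""
    actual = hash_file(path, algos=tuple(expected))
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def parse_ssdeep(sig):
    """Split a ssdeep signature 'blocksize:chunk:double_chunk' into its parts."""
    blocksize, chunk, double_chunk = sig.split(":", 2)
    return int(blocksize), chunk, double_chunk


def ssdeep_comparable(sig_a, sig_b):
    """ssdeep only compares signatures whose block sizes are equal or differ by
    exactly a factor of two; any other pair is reported as 0 without comparison."""
    bs_a = parse_ssdeep(sig_a)[0]
    bs_b = parse_ssdeep(sig_b)[0]
    return bs_a == bs_b or bs_a == 2 * bs_b or bs_b == 2 * bs_a


# Well-known digests of the three bytes b"abc", used as a constructed stand-in.
ABC_HASHES = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}


def demo():
    """Write the constructed stand-in file (NOT the report's sample) and verify it
    against both the stand-in's known digests and the report's digests."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"abc")
        return {
            "stand_in_matches": verify_sample(path, ABC_HASHES),
            "report_matches": verify_sample(path),
            "report_blocksize": parse_ssdeep(REPORT_SSDEEP)[0],
        }
    finally:
        os.remove(path)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Point `verify_sample()` at the real file and require every entry to be `True` before trusting the rest of this report for that file; a partial match is a transcription or tampering problem, never a confirmation.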
Behavioral task

Task: behavioral1
Sample: tmp.exe
Resource: win7-20220812-en

Malware Config

Targets

Target: tmp
- Modifies security service
- Suspicious use of NtCreateProcessExOtherParentProcess
  A process is created with an explicit parent-process attribute that is not the calling process (parent PID spoofing), so the process tree misattributes who started the child.
- Suspicious use of NtCreateUserProcessOtherParentProcess
  The same parent-spoofing technique through NtCreateUserProcess, the syscall behind CreateProcess on current Windows.
- Drops file in Drivers directory
  A file is written under the System32\drivers directory.
- Executes dropped EXE
  A process is started from an executable the sample itself wrote to disk earlier in the run.
- Possible privilege escalation attempt
- Stops running service(s)
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Modifies file permissions
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  Rewriting another thread's register context is how injected code is typically started in a target process (for example in process hollowing); it is rare in benign software.
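Several of the signatures above are not single API calls but correlations across the run: "Executes dropped EXE" needs a file write followed later by a process start from that path, the "OtherParentProcess" signatures need the parent attribute compared against the caller's own pid, and "Deletes itself" usually fires from a child process because a running image cannot delete its own file. The following Python is an added example, not the sandbox's own detection code, that re-implements six of the listed signatures over a constructed API trace in the shape a user-mode hook log would have. All pids, paths, the service name and the trace itself are hypothetical; the registry value it watches for the location check, `HKCU\Control Panel\International\Geo\Nation`, is where Windows stores the user's GeoID and is an assumption about which value this sandbox's signature keys on.

```python
from collections import namedtuple

# One hooked API call as a sandbox would log it: calling pid, API name, arguments.
Event = namedtuple("Event", "pid api args")

SAMPLE_PID = 1000                                            # hypothetical pid of tmp.exe
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\tmp.exe"   # hypothetical launch path
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"

# Constructed trace (not taken from the report) that exercises each signature once.
TRACE = [
    Event(SAMPLE_PID, "RegQueryValueExW",
          {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    Event(SAMPLE_PID, "NtCreateFile",
          {"path": r"C:\Windows\System32\drivers\svchelper.sys", "write": True}),
    Event(SAMPLE_PID, "NtCreateFile",
          {"path": r"C:\Users\Public\stage2.exe", "write": True}),
    # PROC_THREAD_ATTRIBUTE_PARENT_PROCESS names pid 4242, not the caller (1000).
    Event(SAMPLE_PID, "NtCreateUserProcess",
          {"image": r"C:\Users\Public\stage2.exe", "parent_pid": 4242, "new_pid": 2000}),
    Event(2000, "ControlService",
          {"service": "SomeAVService", "control": "SERVICE_CONTROL_STOP"}),
    Event(2000, "NtDeleteFile", {"path": SAMPLE_PATH}),
]

PROCESS_CREATE_APIS = ("NtCreateUserProcess", "NtCreateProcessEx")


def sig_checks_location(trace):
    """'Checks computer location settings': a read of the GeoID stored under
    HKCU\\Control Panel\\International\\Geo\\Nation, the usual geofence lookup."""
    return [e for e in trace if e.api.startswith("RegQueryValueEx")
            and e.args.get("key", "").lower().endswith(r"\international\geo")
            and e.args.get("value", "").lower() == "nation"]


def sig_other_parent(trace):
    """'...OtherParentProcess': the new process gets an explicit parent that is
    not the caller, so the process tree hides who really started the child."""
    return [e for e in trace if e.api in PROCESS_CREATE_APIS
            and e.args.get("parent_pid") not in (None, e.pid)]


def sig_drops_in_drivers(trace):
    """'Drops file in Drivers directory': any write under System32\\drivers."""
    return [e for e in trace if e.api == "NtCreateFile" and e.args.get("write")
            and e.args["path"].lower().startswith(DRIVERS_DIR)]


def sig_executes_dropped(trace):
    """'Executes dropped EXE': a process starts from a path that an EARLIER event
    in the same trace wrote, so event order matters."""
    dropped, hits = set(), []
    for e in trace:
        if e.api == "NtCreateFile" and e.args.get("write"):
            dropped.add(e.args["path"].lower())
        elif e.api in PROCESS_CREATE_APIS and e.args.get("image", "").lower() in dropped:
            hits.append(e)
    return hits


def sig_stops_service(trace):
    """'Stops running service(s)': a SERVICE_CONTROL_STOP sent via ControlService."""
    return [e for e in trace if e.api == "ControlService"
            and e.args.get("control") == "SERVICE_CONTROL_STOP"]


def sig_deletes_self(trace, sample_path=SAMPLE_PATH):
    """'Deletes itself': the sample's image path is deleted by any process in the
    trace; it is usually a child, since a running image cannot delete its own file."""
    return [e for e in trace if e.api == "NtDeleteFile"
            and e.args.get("path", "").lower() == sample_path.lower()]


SIGNATURES = {
    "Checks computer location settings": sig_checks_location,
    "Suspicious use of NtCreateUserProcessOtherParentProcess": sig_other_parent,
    "Drops file in Drivers directory": sig_drops_in_drivers,
    "Executes dropped EXE": sig_executes_dropped,
    "Stops running service(s)": sig_stops_service,
    "Deletes itself": sig_deletes_self,
}


def run_signatures(trace):
    """Return {signature name: number of matching events}; 0 means it did not fire."""
    return {name: len(fn(trace)) for name, fn in SIGNATURES.items()}


if __name__ == "__main__":
    for name, count in run_signatures(TRACE).items():
        print(f"{count:2d}  {name}")
```

Running the same trace in reverse order makes "Executes dropped EXE" stop firing while the per-call signatures still match, which is the practical difference between a stateful correlation and a simple API-name hit when you write or tune such rules.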