5bd240f2a18523d5285fa2f7b5bf065a8632d3a81a4c2a9cc6e7a9747257d8ec | Triage

Submit
Reports

Overview

overview

8

Static

static

1

KeyLock.Se...10.exe

windows10-2004-x64

8

Sharing

General

Target

KeyLock.Setup-3.0.30011.10.exe
Size

3.3MB
Sample

230305-v6yb7sgd8v
MD5

9979af1ef22f480c786b6b41285975eb
SHA1

839801bb26241248a1537727da8bcd427c3adc26
SHA256

5bd240f2a18523d5285fa2f7b5bf065a8632d3a81a4c2a9cc6e7a9747257d8ec
SHA512

a355610c282d3bc9bc105efb1b7439ce441803aa28d3cd3504187d43a94d46cba122a8d6cb553a8c85aaba85bb1c8c8f6f273fcbf35b3d1a1c3b3707883e7ee6
SSDEEP

49152:Qqe3f6X0w/XK3tf1cTCX2pS3q2wkp5VPHP+LQ6UZIwxj1E8JRTu4W:lSikkQf10J4Pv2Q6GdJi8JRTu4W

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

KeyLock.Setup-3.0.30011.10.exe

Resource

win10v2004-20230220-en

discovery persistence

windows10-2004-x64

19 signatures

300 seconds

Malware Config

Targets

- Target
  
  KeyLock.Setup-3.0.30011.10.exe
- Size
  
  3.3MB
- MD5
  
  9979af1ef22f480c786b6b41285975eb
- SHA1
  
  839801bb26241248a1537727da8bcd427c3adc26
- SHA256
  
  5bd240f2a18523d5285fa2f7b5bf065a8632d3a81a4c2a9cc6e7a9747257d8ec
- SHA512
  
  a355610c282d3bc9bc105efb1b7439ce441803aa28d3cd3504187d43a94d46cba122a8d6cb553a8c85aaba85bb1c8c8f6f273fcbf35b3d1a1c3b3707883e7ee6
- SSDEEP
  
  49152:Qqe3f6X0w/XK3tf1cTCX2pS3q2wkp5VPHP+LQ6UZIwxj1E8JRTu4W:lSikkQf10J4Pv2Q6GdJi8JRTu4W
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2025

Terms | Privacy