179b98e2cb16a094755f853ae892b47948a8b6a83e7ca050d520e113ff180b2f | Triage

Submit
Reports

Overview

overview

7

Static

static

1

tmpws5_15mx.exe

windows7-x64

7

tmpws5_15mx.exe

windows10-2004-x64

7

Sharing

General

Target

tmpws5_15mx
Size

1.0MB
Sample

230327-md891ach76
MD5

5cc392e63c3dc70a7c7f4df36b2e8766
SHA1

b22002653deb3a96c5254fb9eb24f2b3c631471a
SHA256

179b98e2cb16a094755f853ae892b47948a8b6a83e7ca050d520e113ff180b2f
SHA512

7f9d5794c98c720f1797ccad7bde2ece513576676edd1aef4ed2bd6cf6ca0eb846d98d2dd404564d7a6b3a21484d314ecf0b01af103166e5a908ff59bff0507f
SSDEEP

24576:x41pyeFLdKeWjA1v+rArY/GRyaYNPZkfJFjm/97b:/udKeWWoAUOwaYNPZoJ6

Score

7^/10

Static task

static1

Behavioral task

behavioral1

Sample

tmpws5_15mx.exe

Resource

win7-20230220-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmpws5_15mx.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  tmpws5_15mx
- Size
  
  1.0MB
- MD5
  
  5cc392e63c3dc70a7c7f4df36b2e8766
- SHA1
  
  b22002653deb3a96c5254fb9eb24f2b3c631471a
- SHA256
  
  179b98e2cb16a094755f853ae892b47948a8b6a83e7ca050d520e113ff180b2f
- SHA512
  
  7f9d5794c98c720f1797ccad7bde2ece513576676edd1aef4ed2bd6cf6ca0eb846d98d2dd404564d7a6b3a21484d314ecf0b01af103166e5a908ff59bff0507f
- SSDEEP
  
  24576:x41pyeFLdKeWjA1v+rArY/GRyaYNPZkfJFjm/97b:/udKeWWoAUOwaYNPZoJ6
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy