Resubmissions

02/07/2023, 04:36

230702-e8d4caaf64 10

02/07/2023, 04:34

230702-e7fwjsaf56 10

General

  • Target

    builder.exe

  • Size

    3KB

  • Sample

    230702-e7fwjsaf56

  • MD5

    cd5f6a629dd92b1526874a228307f7ed

  • SHA1

    3be62dece921a09af63b4cd3a73d84d7f2c7c1a1

  • SHA256

    5584d78e1c0c8472cd681d2a68689cb9373e1d765f4108a710238fd9abfcaf63

  • SHA512

    7bf3dbeeeb9c732229be49db4cfa6ae999da16dde9057ec900d63ded30eb65c7b7a3709312870dee58d4ba51e2826a8c47415d216bbdb4f461f897989ed3a65d

Score
10/10

Malware Config

Targets

    • Target

      builder.exe

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks