32d091a86c5a0323dd8d2ccc195427f8e798f88fae9bbb814fbbadcadfe26ba7 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

af48efac2b...fc.exe

windows7-x64

8

af48efac2b...fc.exe

windows10-2004-x64

7

Sharing

General

Target

af48efac2b7d97cc0b70559a0a2be8cfeae961306ed16f0c91706a3bef6d61fc.exe.zip
Size

12.4MB
Sample

231031-rk4ejshh6x
MD5

af408722597ec19432ee587539c94394
SHA1

d83d770c36fcb6ae89fc7b8347da98bee23d9501
SHA256

32d091a86c5a0323dd8d2ccc195427f8e798f88fae9bbb814fbbadcadfe26ba7
SHA512

bbedba995a1726edc0467fcbfcd4a9e8ac47071c9d5baf99c67f3cc257b3b86e88450a8b283fd6cc80040f7997ab98e847977d25dc4b0562ff6d03d81a8da03f
SSDEEP

196608:wGEmw/y+Upg+4MjRfEq/LGKusY8YgmvR0pDCPqCCY06QmQFVefiGz/IwB9SNR7ms:k/y/r5EY6K28YFmCCCCYpVfcwi7ms

Score

8^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

af48efac2b7d97cc0b70559a0a2be8cfeae961306ed16f0c91706a3bef6d61fc.exe

Resource

win7-20231023-en

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

af48efac2b7d97cc0b70559a0a2be8cfeae961306ed16f0c91706a3bef6d61fc.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  af48efac2b7d97cc0b70559a0a2be8cfeae961306ed16f0c91706a3bef6d61fc.exe
- Size
  
  12.5MB
- MD5
  
  d412865db372ff51f4237c496025639b
- SHA1
  
  9cd5409d3ecf569b61beac788215ff3711c0f6fc
- SHA256
  
  af48efac2b7d97cc0b70559a0a2be8cfeae961306ed16f0c91706a3bef6d61fc
- SHA512
  
  661532765f49d56ff41119217b29719837f9773c396ba6d9efa95d21dcfabd3d7c89c2e688b7da9b9a984d760bc505d980be3ba2ad14b1359423a891c34508b1
- SSDEEP
  
  393216:aqFZIAAa93h999999lvnMv+HmtFgWWgaxraJT4a:aPAN93h999999lMvmKgWKuTV
Score

8^/10

persistence
- Sets DLL path for service in the registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy