General

  • Target

    ogpfp.webp

  • Size

    2KB

  • Sample

    231111-ym1j1acb24

  • MD5

    34c23c33643b37d0a38e636dfdaa7998

  • SHA1

    3468bd3d1ba7605ab2f92c942a64bcd4b361075f

  • SHA256

    525e633900e52ac6f6e58f1e2ddb8585fda73a62babe82d181dc28abceec5aa8

  • SHA512

    5339ea5fe97089dcb3577ac632ce14e2cc5f6bbf67bb8ff19e1d5037ae987d1cb11c3d0dc8b7914b012fc418e7f5d16575df7ff312af98c7c0365c8f2d742356

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks