General
-
Target
NEAS.ff762f67dd773588b04c8eea29cacd40.exe
-
Size
506KB
-
Sample
231115-d1b4cacf8s
-
MD5
ff762f67dd773588b04c8eea29cacd40
-
SHA1
ff39d1983cd05030087a30668affef20cc8ebe15
-
SHA256
2b297aec5018fa4ff00f60b400d241892439a10888cac2cbc076b7125c5b5113
-
SHA512
0f608470da79b779def49378077791b7d1fdfd075ab5b333beecb24cd964a98ffc8d34df2f50fb45ee4c989d577bdfec27a67bd7e8e2e2e54acce51018bbe503
-
SSDEEP
6144:/pW2bgbbV28okoS1oWMkdlZQ5iioc+nBkl7x8aLAh6VA/wfCWY:/pW2IoioS6mh6CsA
Malware Config
Targets
-
-
Target
NEAS.ff762f67dd773588b04c8eea29cacd40.exe
-
Size
506KB
-
MD5
ff762f67dd773588b04c8eea29cacd40
-
SHA1
ff39d1983cd05030087a30668affef20cc8ebe15
-
SHA256
2b297aec5018fa4ff00f60b400d241892439a10888cac2cbc076b7125c5b5113
-
SHA512
0f608470da79b779def49378077791b7d1fdfd075ab5b333beecb24cd964a98ffc8d34df2f50fb45ee4c989d577bdfec27a67bd7e8e2e2e54acce51018bbe503
-
SSDEEP
6144:/pW2bgbbV28okoS1oWMkdlZQ5iioc+nBkl7x8aLAh6VA/wfCWY:/pW2IoioS6mh6CsA
Score10/10-
UAC bypass
-
Disables Task Manager via registry modification
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Modifies system executable filetype association
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Event Triggered Execution
1Change Default File Association
1