General
Target: DeadCodeLauncher.exe
Size: 9.0MB
Sample: 231121-trkl5agc6y
MD5: ac8388a792b0401fd6621e760f4c7794
SHA1: 47c13ebdb00cbb8e0ec71c5b0a6070accc2293c0
SHA256: 920841766c2da541592a0ae874c8528cdb6b3009b5f1873c4d19bacbb116ac40
SHA512: 51596efeefd0a877d35783a68d389c7e498e26684c2e4bc49045a4a2644c3f7b8561a7593e030a750b86b1dc1c1a038c2a17080ffb1510afa25a78304c51f321
SSDEEP: 196608:eewLDETe6rklPsowwaEAIrpOZOu83ifnZfBZQHwKP6pFbOpaC:92gxASg1h1Owu83iflBZSwKAFbO8C
Static task: static1
Behavioral task: behavioral1
Sample: DeadCodeLauncher.exe
Resource: win10-20231025-en
Malware Config
Extracted
C:\Users\Admin\Desktop\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Target
DeadCodeLauncher.exe
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
File and Directory Permissions Modification: 1
Modify Registry: 4
Hide Artifacts: 1
Hidden Files and Directories: 1