Analysis
max time kernel: 92s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-02-2024 19:41
Static task
static1
Behavioral task
behavioral1
Sample
d466abfb1a85ab690680b5f21a3e9cbb76a14848cce99bba6a75ed58fe675b78.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
d466abfb1a85ab690680b5f21a3e9cbb76a14848cce99bba6a75ed58fe675b78.exe
Resource
win10v2004-20231222-en
General
-
Target
d466abfb1a85ab690680b5f21a3e9cbb76a14848cce99bba6a75ed58fe675b78.exe
-
Size
4.8MB
-
MD5
c798918e3e39c16f7215faa310474ba5
-
SHA1
5ea8aebe55c033f7ab10159c59138083a8395451
-
SHA256
d466abfb1a85ab690680b5f21a3e9cbb76a14848cce99bba6a75ed58fe675b78
-
SHA512
1bb68a0db1392cb620110c9c2cd1c2eb53ac72f7052798a1d8b746ae1ed1cdfa17f041113bbf5cc454b77690344f5c8b0a07ccaa09dd9402cac77d2cbcf290e2
-
SSDEEP
98304:OQxqn48FFdqD8XGA3soumrhZsVczMuSPPwa:ON4iFKfbwhFEPYa
Malware Config
Signatures
-
Checks computer location settings (2 TTPs, 1 IoCs)
Looks up country code configured in the registry, likely geofence.
Processes: d466abfb1a85ab690680b5f21a3e9cbb76a14848cce99bba6a75ed58fe675b78.exe
description: Key value queried
ioc: \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation
process: d466abfb1a85ab690680b5f21a3e9cbb76a14848cce99bba6a75ed58fe675b78.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
Processes: d466abfb1a85ab690680b5f21a3e9cbb76a14848cce99bba6a75ed58fe675b78.exe
pid: 5072, process: d466abfb1a85ab690680b5f21a3e9cbb76a14848cce99bba6a75ed58fe675b78.exe
pid: 5072, process: d466abfb1a85ab690680b5f21a3e9cbb76a14848cce99bba6a75ed58fe675b78.exe