General
-
Target
iniuria crack.exe
-
Size
286KB
-
Sample
240225-q16n6sdg8s
-
MD5
29dc9fe471bc74ab91ef3bc6d9fd45fd
-
SHA1
7da49abbfce447fdcec50b24f70dcade654ab961
-
SHA256
0ef72a3eea01fd39c185eaded6fc204d14a423fef050f69afca8e74e80a4f5cf
-
SHA512
382682d4d4c1f7d89d2276812eff464fcc5ffec3da775f8bed75435d79259bd75954ad9ff3329497e55165947366339696ee38141746d6cc67c62ba59cf8b500
-
SSDEEP
3072:0Qa4GSK/RYhmn6Ir0OkkaU0NDyj3RzyjGFh2Bi:0mGS6eh66Kkka1NDyj3Rzyjd
Malware Config
Targets
-
-
Target
iniuria crack.exe
-
Size
286KB
-
MD5
29dc9fe471bc74ab91ef3bc6d9fd45fd
-
SHA1
7da49abbfce447fdcec50b24f70dcade654ab961
-
SHA256
0ef72a3eea01fd39c185eaded6fc204d14a423fef050f69afca8e74e80a4f5cf
-
SHA512
382682d4d4c1f7d89d2276812eff464fcc5ffec3da775f8bed75435d79259bd75954ad9ff3329497e55165947366339696ee38141746d6cc67c62ba59cf8b500
-
SSDEEP
3072:0Qa4GSK/RYhmn6Ir0OkkaU0NDyj3RzyjGFh2Bi:0mGS6eh66Kkka1NDyj3Rzyjd
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1