4fd594d6b504845b7e05d9b129bd36b2f7fd9dd71403b4a3a3d0c3b7a882f4e2 | Triage

Sharing

General

Target

InstallDefenderUI.exe
Size

3.7MB
Sample

240306-2xnvqsbd38
MD5

d0d4b05c2b9b7cd1b056cd619580c854
SHA1

31e772d20daa64b497622da4a54743b829f32bd0
SHA256

4fd594d6b504845b7e05d9b129bd36b2f7fd9dd71403b4a3a3d0c3b7a882f4e2
SHA512

435984efe7d87609eef25ab552727303b724d5a29d9383c60beb8e3216fa58da8db9df22065684e6cf2c2002029d968839f4677d9aeb0bef960e82ed78e3c95c
SSDEEP

98304:skLyNo01VA4hzP2ixt4RAamul5hmN5JmX7b5eNoy12:LKs4RPx/4Yc5OXeHa12

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  InstallDefenderUI.exe
- Size
  
  3.7MB
- MD5
  
  d0d4b05c2b9b7cd1b056cd619580c854
- SHA1
  
  31e772d20daa64b497622da4a54743b829f32bd0
- SHA256
  
  4fd594d6b504845b7e05d9b129bd36b2f7fd9dd71403b4a3a3d0c3b7a882f4e2
- SHA512
  
  435984efe7d87609eef25ab552727303b724d5a29d9383c60beb8e3216fa58da8db9df22065684e6cf2c2002029d968839f4677d9aeb0bef960e82ed78e3c95c
- SSDEEP
  
  98304:skLyNo01VA4hzP2ixt4RAamul5hmN5JmX7b5eNoy12:LKs4RPx/4Yc5OXeHa12
Score

8^/10

evasion
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2