01fc7f7d3b3ba707adfc5e0d07068df5dc1d63f1194d890599b45d96f3879218 | Triage

Submit
Reports

Overview

overview

Static

static

3

01fc7f7d3b...18.exe

windows7-x64

01fc7f7d3b...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

01fc7f7d3b3ba707adfc5e0d07068df5dc1d63f1194d890599b45d96f3879218
Size

44KB
Sample

240308-vp365acf39
MD5

9d3c5c231ebfe2714b47ba5e7508cf52
SHA1

5a294357a75f0cb26bd52230ef180b10a2ee243a
SHA256

01fc7f7d3b3ba707adfc5e0d07068df5dc1d63f1194d890599b45d96f3879218
SHA512

ebd4b1f440d23d3d4307ec5d2f565a6887659239db278dbe6878164a28dd118f47249004f84bba0963ac28c2e3316f6a6983ca12c8dd83e870d842fe2e7cec06
SSDEEP

768:UhwP3FyDD3jNBc6oMNcm1V6QGduH4jzokETPcbsvwnol9D88888888888JXa:0wP1yDDzzc6oMN31kUH4j8kETaVoIa

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

01fc7f7d3b3ba707adfc5e0d07068df5dc1d63f1194d890599b45d96f3879218.exe

Resource

win7-20240221-en

evasion persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

01fc7f7d3b3ba707adfc5e0d07068df5dc1d63f1194d890599b45d96f3879218.exe

Resource

win10v2004-20240226-en

evasion persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  01fc7f7d3b3ba707adfc5e0d07068df5dc1d63f1194d890599b45d96f3879218
- Size
  
  44KB
- MD5
  
  9d3c5c231ebfe2714b47ba5e7508cf52
- SHA1
  
  5a294357a75f0cb26bd52230ef180b10a2ee243a
- SHA256
  
  01fc7f7d3b3ba707adfc5e0d07068df5dc1d63f1194d890599b45d96f3879218
- SHA512
  
  ebd4b1f440d23d3d4307ec5d2f565a6887659239db278dbe6878164a28dd118f47249004f84bba0963ac28c2e3316f6a6983ca12c8dd83e870d842fe2e7cec06
- SSDEEP
  
  768:UhwP3FyDD3jNBc6oMNcm1V6QGduH4jzokETPcbsvwnol9D88888888888JXa:0wP1yDDzzc6oMN31kUH4j8kETaVoIa
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy