1ffaef081b66fba6d95e34d3c7c70b6958f6f76702bea07205162bba32387b1a | Triage

Sharing

General

Target

ChilledWindows.GUI.exe
Size

4.3MB
Sample

240312-wnk5lahf59
MD5

74ff57825e5256a5e145c246bdf55a48
SHA1

a09c4666725ee3791a46018899c977747751003c
SHA256

1ffaef081b66fba6d95e34d3c7c70b6958f6f76702bea07205162bba32387b1a
SHA512

207a63aef56a8941e2560be4242c107e93fa108f837dca59d04092b295cc685d7848840c8920ac7e415671d5902bf080b4ff8bcddfc88182315d9da4c8d39515
SSDEEP

98304:U3on4k4113jdraOptUIQu8GMuwxzrH+zpCYP/KTAurli:U3on4HjtUT3kUrHG0a

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  ChilledWindows.GUI.exe
- Size
  
  4.3MB
- MD5
  
  74ff57825e5256a5e145c246bdf55a48
- SHA1
  
  a09c4666725ee3791a46018899c977747751003c
- SHA256
  
  1ffaef081b66fba6d95e34d3c7c70b6958f6f76702bea07205162bba32387b1a
- SHA512
  
  207a63aef56a8941e2560be4242c107e93fa108f837dca59d04092b295cc685d7848840c8920ac7e415671d5902bf080b4ff8bcddfc88182315d9da4c8d39515
- SSDEEP
  
  98304:U3on4k4113jdraOptUIQu8GMuwxzrH+zpCYP/KTAurli:U3on4HjtUT3kUrHG0a
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2