General

  • Target: Harry.Potter.and.the.Sorcerers.Stone.zip
  • Size: 357.3MB
  • Sample: 240326-qchbnsdh4t
  • MD5: 1c12b22a383f07bee0e71616ca0e82ef
  • SHA1: ef07857b5573bb7159a4153cf8da5a10dcfde48e
  • SHA256: 6fdfebc76195793c43ae7439ba54b9022346dfda713c3b7bcf8b5371d62e1779
  • SHA512: d177da28161d649db49fdb67bd145514791d4f89b762ffe769c78d2640b9129caa722c62abe53951d37ec5cab76c1c6c27e746d9a184752cab0011c98ac42038
  • SSDEEP: 6291456:jhacUGwTyJazs4JcRWzLRUJIrEtqDv5WvL3MtVBMgakGq7h1Y2kqvux13Y8aScxn:jhXpw+JazXHW6rRD8IHBtakGqdG29m1C

Score: 8/10

Malware Config

Targets

    • Target: Harry.Potter.and.the.Sorcerers.Stone/Harry Potter/System/HP.exe
    • Size: 136KB
    • MD5: 7523f60d502b93a5ace911a32d0d0ef7
    • SHA1: 9aad58812940d27c7cd96d2920c726cc2d2fdde9
    • SHA256: 0c274cb13c49893fd56dac30fb87177ab3fa178762a9271572a75063da251417
    • SHA512: 46ec53d86816c3ea532cd69f4f8e22e2a233f0f1e97e6b15c97eb1aadbe4c9d39e60a1e3d7faccad677318695476a317613a56475323e37ed8e962d37099e4fc
    • SSDEEP: 1536:KHJ0mjPWMlPO+t+/U1gJKy0tCxfNxLKCNasI6Dxv9aGS0941vCgJMN:7A7lPiU1mSMxf34sIwxv9aGVuCgG

    Score: 8/10

    • Blocklisted process makes network request
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks