1193403a19781c8f1da8d08a19083336f6ac3bee263d0119436a9d3dc86845be | Triage

Submit
Reports

Overview

overview

8

Static

static

3

1193403a19...be.exe

windows7-x64

8

1193403a19...be.exe

windows10-2004-x64

8

Sharing

General

Target

1193403a19781c8f1da8d08a19083336f6ac3bee263d0119436a9d3dc86845be
Size

230KB
Sample

240428-xdeqhaeb65
MD5

b75651939e852ce3e2c8466f3c02aefa
SHA1

5c077c2b724b36555b738f015377463caa72225b
SHA256

1193403a19781c8f1da8d08a19083336f6ac3bee263d0119436a9d3dc86845be
SHA512

0fd11b02fdcaa6c5a535757676b3d1675d2f110bf0525b394279b3bb69d8f5cb3948ca93ad31fca75e43501b305096d415cf6633f16b6394421fe0f44946768b
SSDEEP

3072:sr+Fu2II+HiXMcI/AKJj/+rzTPe9oPxM5DNmHWVcqelSxbfS6954bpqyZALx0XN+:/MHD3/AKsP2f5hBkpq0rpS

Score

8^/10

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1193403a19781c8f1da8d08a19083336f6ac3bee263d0119436a9d3dc86845be.exe

Resource

win7-20240221-en

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

1193403a19781c8f1da8d08a19083336f6ac3bee263d0119436a9d3dc86845be.exe

Resource

win10v2004-20240419-en

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  1193403a19781c8f1da8d08a19083336f6ac3bee263d0119436a9d3dc86845be
- Size
  
  230KB
- MD5
  
  b75651939e852ce3e2c8466f3c02aefa
- SHA1
  
  5c077c2b724b36555b738f015377463caa72225b
- SHA256
  
  1193403a19781c8f1da8d08a19083336f6ac3bee263d0119436a9d3dc86845be
- SHA512
  
  0fd11b02fdcaa6c5a535757676b3d1675d2f110bf0525b394279b3bb69d8f5cb3948ca93ad31fca75e43501b305096d415cf6633f16b6394421fe0f44946768b
- SSDEEP
  
  3072:sr+Fu2II+HiXMcI/AKJj/+rzTPe9oPxM5DNmHWVcqelSxbfS6954bpqyZALx0XN+:/MHD3/AKsP2f5hBkpq0rpS
Score

8^/10
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy