General
-
Target
Eleven.exe
-
Size
32KB
-
Sample
240513-fbn3qahh51
-
MD5
70d0c8d7dc4db88b1397c2d8b3a631eb
-
SHA1
fd96d0e7ac6b48f7df83671c8f4ee23fd441920c
-
SHA256
402b8c78bd16dd3bb8584a9867adc65e0524ce4b850ca62ca22b6e6f37aa3a54
-
SHA512
81e8dbccfd763dc17e458f41839a7061919f28727fa24377cb9ec9f7bb8cfae1d45f3cfbb8a49b506626ce05768b120933a39291f848fce7d545c20406a9ff88
-
SSDEEP
384:fWC14vKQBK5v1Zy8ILvnk+9A+12JCMYaa9l2IZn/KPnKU5NrmbKpM1HsqMjyKiS6:fevSFn+u7e1dKV76b3u484n+K
Static task
static1
Behavioral task
behavioral1
Sample
Eleven.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
Eleven.exe
Resource
win11-20240508-en
Malware Config
Targets
-
-
Target
Eleven.exe
-
Size
32KB
-
MD5
70d0c8d7dc4db88b1397c2d8b3a631eb
-
SHA1
fd96d0e7ac6b48f7df83671c8f4ee23fd441920c
-
SHA256
402b8c78bd16dd3bb8584a9867adc65e0524ce4b850ca62ca22b6e6f37aa3a54
-
SHA512
81e8dbccfd763dc17e458f41839a7061919f28727fa24377cb9ec9f7bb8cfae1d45f3cfbb8a49b506626ce05768b120933a39291f848fce7d545c20406a9ff88
-
SSDEEP
384:fWC14vKQBK5v1Zy8ILvnk+9A+12JCMYaa9l2IZn/KPnKU5NrmbKpM1HsqMjyKiS6:fevSFn+u7e1dKV76b3u484n+K
Score10/10-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1