General
- Target: 0eda07e22619ffa11c789a1ebf945d8f8510a210dc7b1c898a9a09e706ad4b4c
- Size: 291KB
- Sample: 240521-kn2xkafa82
- MD5: 7562a8f108271b96994b95ea35494f7f
- SHA1: 42bf054fd00311f2a47f89c0c1d5674ff485ac71
- SHA256: 0eda07e22619ffa11c789a1ebf945d8f8510a210dc7b1c898a9a09e706ad4b4c
- SHA512: e43076d160b33bd26845f7144e848b729d5fd329045835ced8d715dbcaff3fc0ca3bfad3f736a467c2835517fd548eee4aca8ec30a8655ec79777d5628e54259
- SSDEEP: 3072:1+eBqhy50T5gwq/8sAwoEHXfwaNVM+/ORSs5G2Ms4T6TFZbpBNjQiyMbS7BAC3ZJ:1/TUsAOfD++/x6JHvyf7BAUj8
- Static task: static1
- Behavioral task: behavioral1
- Sample: 0eda07e22619ffa11c789a1ebf945d8f8510a210dc7b1c898a9a09e706ad4b4c.exe
- Resource: win10v2004-20240226-en
Malware Config
Targets
- Target: 0eda07e22619ffa11c789a1ebf945d8f8510a210dc7b1c898a9a09e706ad4b4c
- Possible privilege escalation attempt
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext