General
-
Target
tmp.bin
-
Size
670KB
-
Sample
240522-c6axsshg33
-
MD5
f7aef9626bdc4486b03d6edd12da9dea
-
SHA1
b020bfd387db5a54be11bd0938cf56d7a50f73af
-
SHA256
41b3c8d5c7a82b55f449b8636077f8396f7db56d7c6ba639326d3fb4da1b9341
-
SHA512
48dc23734f75a07eafad5cc9dda928bbe688c9e025211e882162e1f620359ee133f456e6e45b4479b1a42b505897754819d774d34d47d08e6eaf5bd9e72f28a1
-
SSDEEP
12288:CAZsu9gdK4gc0j1XRNnHGRvHDhx+douwd/pSDtVQvyXKUGgdRlS:YuSwRVzHGRvHDKdoTvStVQvybGg5
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
tmp.bin
-
Size
670KB
-
MD5
f7aef9626bdc4486b03d6edd12da9dea
-
SHA1
b020bfd387db5a54be11bd0938cf56d7a50f73af
-
SHA256
41b3c8d5c7a82b55f449b8636077f8396f7db56d7c6ba639326d3fb4da1b9341
-
SHA512
48dc23734f75a07eafad5cc9dda928bbe688c9e025211e882162e1f620359ee133f456e6e45b4479b1a42b505897754819d774d34d47d08e6eaf5bd9e72f28a1
-
SSDEEP
12288:CAZsu9gdK4gc0j1XRNnHGRvHDhx+douwd/pSDtVQvyXKUGgdRlS:YuSwRVzHGRvHDKdoTvStVQvybGg5
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-