General
Target: 89c3190313af5145c54c565bfe60d03b143fe4dfbf38e9c5c8a47726fbd3c257
Size: 730KB
Sample: 240522-cmdvcahc2s
MD5: 16df5928c906e18b91ee87172d94b874
SHA1: f250edf940f62a4265b4ebdc763739e28c37f9f6
SHA256: 89c3190313af5145c54c565bfe60d03b143fe4dfbf38e9c5c8a47726fbd3c257
SHA512: 9cce8a9dfa0ed10b506d2c8e1ffe940b49886afb1d4af539b49f87a0939e6953ac5c90f4545901be2d3c5109a7bc5bc98883a235c83e09c0530fdecba676bd4c
SSDEEP: 12288:WzYn6yM/fPyNSXkan+MwP4/iNhyfb69S453cctk1x7gXYZuK:Fn6D/SNQww/iN8fb9XWk/0I1
Static task: static1
Behavioral task: behavioral1
Sample: 89c3190313af5145c54c565bfe60d03b143fe4dfbf38e9c5c8a47726fbd3c257.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 89c3190313af5145c54c565bfe60d03b143fe4dfbf38e9c5c8a47726fbd3c257.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 89c3190313af5145c54c565bfe60d03b143fe4dfbf38e9c5c8a47726fbd3c257
Score: 8/10

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext