6763d8d4e0fb096cbac65ce1a4564860ce876af9ae20b989607db1b9f706564b | Triage

Sharing

General

Target

6763d8d4e0fb096cbac65ce1a4564860ce876af9ae20b989607db1b9f706564b
Size

780KB
Sample

240522-cq3ymshc91
MD5

ef762888c07984bf8626ba2e08fe4322
SHA1

511552eba47ead5264b8b09b4cbba49a11d9edef
SHA256

6763d8d4e0fb096cbac65ce1a4564860ce876af9ae20b989607db1b9f706564b
SHA512

ae432128f3995f97b4a7d7ac9bff8699c74dbdc702dd4fed0473a8faa158deccefbd642d0928cd5d97c8fba5189f234d423f5044cc2bb2f5e94803b696d082aa
SSDEEP

12288:9AZsu9gdnJzAXtXlFzmti1oly2Svnj/EpOYI3ex88+99Q6lECg0Br5r:HuSj4/zmtXyvvj/EpOZuI9Q6eEBB

Score

8^/10

execution

Malware Config

Targets

- Target
  
  6763d8d4e0fb096cbac65ce1a4564860ce876af9ae20b989607db1b9f706564b
- Size
  
  780KB
- MD5
  
  ef762888c07984bf8626ba2e08fe4322
- SHA1
  
  511552eba47ead5264b8b09b4cbba49a11d9edef
- SHA256
  
  6763d8d4e0fb096cbac65ce1a4564860ce876af9ae20b989607db1b9f706564b
- SHA512
  
  ae432128f3995f97b4a7d7ac9bff8699c74dbdc702dd4fed0473a8faa158deccefbd642d0928cd5d97c8fba5189f234d423f5044cc2bb2f5e94803b696d082aa
- SSDEEP
  
  12288:9AZsu9gdnJzAXtXlFzmti1oly2Svnj/EpOYI3ex88+99Q6lECg0Br5r:HuSj4/zmtXyvvj/EpOZuI9Q6eEBB
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2