c769cee0a5a1cb795c2fc24c6471aaa898e58f38ea1aea8e632564cd4358a751 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

c769cee0a5...51.exe

windows7-x64

9

c769cee0a5...51.exe

windows10-2004-x64

9

Sharing

General

Target

c769cee0a5a1cb795c2fc24c6471aaa898e58f38ea1aea8e632564cd4358a751.exe
Size

775KB
Sample

240522-cvfznshe3t
MD5

21fbdf89f1b48a7ca8c8dff9cff9b4f4
SHA1

249c4192ebdea5a8205e3dda9aca55cafb7cfa81
SHA256

c769cee0a5a1cb795c2fc24c6471aaa898e58f38ea1aea8e632564cd4358a751
SHA512

d6e268039d284011cd30ae2eaf133b8422ad53956ad33e689d72358422b64949c8689a88190c1cbaaa52aa87d22e6d58cfd70e4329cbf412d64fa4ba9f81df3f
SSDEEP

12288:+AZsu9gdZddQwgaVsmE8aovRNYyMD7iPNCTrgbuXBGQwRH4F4oPlLJZr57:0uSYwrnaS6yMPiPNCneu1i4iOZR

Score

9^/10

execution

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c769cee0a5a1cb795c2fc24c6471aaa898e58f38ea1aea8e632564cd4358a751.exe

Resource

win7-20240221-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

c769cee0a5a1cb795c2fc24c6471aaa898e58f38ea1aea8e632564cd4358a751.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  c769cee0a5a1cb795c2fc24c6471aaa898e58f38ea1aea8e632564cd4358a751.exe
- Size
  
  775KB
- MD5
  
  21fbdf89f1b48a7ca8c8dff9cff9b4f4
- SHA1
  
  249c4192ebdea5a8205e3dda9aca55cafb7cfa81
- SHA256
  
  c769cee0a5a1cb795c2fc24c6471aaa898e58f38ea1aea8e632564cd4358a751
- SHA512
  
  d6e268039d284011cd30ae2eaf133b8422ad53956ad33e689d72358422b64949c8689a88190c1cbaaa52aa87d22e6d58cfd70e4329cbf412d64fa4ba9f81df3f
- SSDEEP
  
  12288:+AZsu9gdZddQwgaVsmE8aovRNYyMD7iPNCTrgbuXBGQwRH4F4oPlLJZr57:0uSYwrnaS6yMPiPNCneu1i4iOZR
Score

9^/10

execution
- Detects executables packed with SmartAssembly
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy