4d6f088f7ff7e10f5b6df7628f7641b15a90298f7dedc7b46291255c1aa89c23 | Triage

Sharing

General

Target

Shipment Arrival Notification of 772165397672.exe
Size

705KB
Sample

240522-j9ztnahe7v
MD5

72db5e724a635395cdacbf78fac0475c
SHA1

edcb1c8960accc40d5becce4a74b1cc2d344007a
SHA256

4d6f088f7ff7e10f5b6df7628f7641b15a90298f7dedc7b46291255c1aa89c23
SHA512

d773c162058833d999ac889ecd4bb6c56552687d7e1d58ba81a4eecbd4936419494e636e8095fac5bdbfc284392fccec792092886b63afa9a96d066544f564a6
SSDEEP

12288:s1i8LkpEaPWJUl37gHxROu1uXT9CqAITASl99j6msd2UtHf+SpThKFc45/+qkR:TjE4I3HD1uXT9pAolP1sd/x+SpTUh/+p

Score

8^/10

execution

Malware Config

Targets

- Target
  
  Shipment Arrival Notification of 772165397672.exe
- Size
  
  705KB
- MD5
  
  72db5e724a635395cdacbf78fac0475c
- SHA1
  
  edcb1c8960accc40d5becce4a74b1cc2d344007a
- SHA256
  
  4d6f088f7ff7e10f5b6df7628f7641b15a90298f7dedc7b46291255c1aa89c23
- SHA512
  
  d773c162058833d999ac889ecd4bb6c56552687d7e1d58ba81a4eecbd4936419494e636e8095fac5bdbfc284392fccec792092886b63afa9a96d066544f564a6
- SSDEEP
  
  12288:s1i8LkpEaPWJUl37gHxROu1uXT9CqAITASl99j6msd2UtHf+SpThKFc45/+qkR:TjE4I3HD1uXT9pAolP1sd/x+SpTUh/+p
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2