9d3e2f47c9e19eb3dd2ad6ff1b00ae5e7b429c4c997268a42b3f75c6d448090a | Triage

Sharing

General

Target

quotation.exe
Size

925KB
Sample

240522-zgek1sfg6s
MD5

45cc1bf65d887b4899f7c212b271e578
SHA1

95091ef8a659d6dbde4119cf45d8bc7600be35bd
SHA256

9d3e2f47c9e19eb3dd2ad6ff1b00ae5e7b429c4c997268a42b3f75c6d448090a
SHA512

aaeecd5fc1c395de750be26a62eac4c993d54da38ee6210c03c113fb33ae91b8e6cd3088e5101d54fdbe2708ca4fc479cf0956979622aebfe2cc71fce22bc326
SSDEEP

12288:vLdUcmDiSGP31lk463i3tINrHtkvT3Op44ZOloWvOkR:vLdeiNS4Oi9IN3p7OloWvV

Score

8^/10

execution

Malware Config

Targets

- Target
  
  quotation.exe
- Size
  
  925KB
- MD5
  
  45cc1bf65d887b4899f7c212b271e578
- SHA1
  
  95091ef8a659d6dbde4119cf45d8bc7600be35bd
- SHA256
  
  9d3e2f47c9e19eb3dd2ad6ff1b00ae5e7b429c4c997268a42b3f75c6d448090a
- SHA512
  
  aaeecd5fc1c395de750be26a62eac4c993d54da38ee6210c03c113fb33ae91b8e6cd3088e5101d54fdbe2708ca4fc479cf0956979622aebfe2cc71fce22bc326
- SSDEEP
  
  12288:vLdUcmDiSGP31lk463i3tINrHtkvT3Op44ZOloWvOkR:vLdeiNS4Oi9IN3p7OloWvV
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2