631e9daaee241678334ffae4db8bae66a2781fac9bacb73676ee248917deae3f | Triage

Sharing

General

Target

631e9daaee241678334ffae4db8bae66a2781fac9bacb73676ee248917deae3f.exe
Size

735KB
Sample

240523-awy6jafa97
MD5

67e8394308a06ffee627c77b7d3d16ea
SHA1

e0d9daad8296d2f757cc442d1d1f1302d7aec13b
SHA256

631e9daaee241678334ffae4db8bae66a2781fac9bacb73676ee248917deae3f
SHA512

2081ce36d917c75157c9c2be12dfee62ea7ffee18c809eee51c7415e5ef9b1868398f2d95412b71a7d2e5d1d24570513d6a5f242f67a30744ef9ca6a401bf48a
SSDEEP

12288:IWEY5/l9s22BEEzFatnMwpOl555EQK+AlkKr0HBZR6ZUlo8if:gA/l9s3BEWwpOz55/K+Alk0IeUloP

Score

8^/10

execution

Malware Config

Targets

- Target
  
  631e9daaee241678334ffae4db8bae66a2781fac9bacb73676ee248917deae3f.exe
- Size
  
  735KB
- MD5
  
  67e8394308a06ffee627c77b7d3d16ea
- SHA1
  
  e0d9daad8296d2f757cc442d1d1f1302d7aec13b
- SHA256
  
  631e9daaee241678334ffae4db8bae66a2781fac9bacb73676ee248917deae3f
- SHA512
  
  2081ce36d917c75157c9c2be12dfee62ea7ffee18c809eee51c7415e5ef9b1868398f2d95412b71a7d2e5d1d24570513d6a5f242f67a30744ef9ca6a401bf48a
- SSDEEP
  
  12288:IWEY5/l9s22BEEzFatnMwpOl555EQK+AlkKr0HBZR6ZUlo8if:gA/l9s3BEWwpOz55/K+Alk0IeUloP
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2