114a4bd115730002762c4cc9bbbc5ed53e5e036253b87fdf4bcef7647d9e8870 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

114a4bd115...70.exe

windows7-x64

9

114a4bd115...70.exe

windows10-2004-x64

9

Sharing

General

Target

114a4bd115730002762c4cc9bbbc5ed53e5e036253b87fdf4bcef7647d9e8870.exe
Size

764KB
Sample

240523-bgrctaga98
MD5

1e52979e2e69e3626e972952ce6353f4
SHA1

f0114356fb63a3f850e9e59954b50422e9351b84
SHA256

114a4bd115730002762c4cc9bbbc5ed53e5e036253b87fdf4bcef7647d9e8870
SHA512

b2eec444814ba8764cee532e3e713f847bf4cf360cc73d9429d0b87275c6319332f4e03867188f4624087a5eebc59e6f553307ea5218111ed0780962b51cc6fc
SSDEEP

12288:57Lb5nG9BB62Jjqnxa4vU6PaXHBgGB/uVW90vV2p12s7YbSUr3tuTNQTig4/37rG:iE2Jj34ZyXyGB/GF+cPPQiTwf7

Score

9^/10

execution

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

114a4bd115730002762c4cc9bbbc5ed53e5e036253b87fdf4bcef7647d9e8870.exe

Resource

win7-20240215-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

114a4bd115730002762c4cc9bbbc5ed53e5e036253b87fdf4bcef7647d9e8870.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  114a4bd115730002762c4cc9bbbc5ed53e5e036253b87fdf4bcef7647d9e8870.exe
- Size
  
  764KB
- MD5
  
  1e52979e2e69e3626e972952ce6353f4
- SHA1
  
  f0114356fb63a3f850e9e59954b50422e9351b84
- SHA256
  
  114a4bd115730002762c4cc9bbbc5ed53e5e036253b87fdf4bcef7647d9e8870
- SHA512
  
  b2eec444814ba8764cee532e3e713f847bf4cf360cc73d9429d0b87275c6319332f4e03867188f4624087a5eebc59e6f553307ea5218111ed0780962b51cc6fc
- SSDEEP
  
  12288:57Lb5nG9BB62Jjqnxa4vU6PaXHBgGB/uVW90vV2p12s7YbSUr3tuTNQTig4/37rG:iE2Jj34ZyXyGB/GF+cPPQiTwf7
Score

9^/10

execution
- Detects executables packed with SmartAssembly
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy