95eaf567046e52488fff8b37531afc7a5b4f391bd66ac46a456e7a4cff715198 | Triage

Submit
Reports

Overview

overview

Static

static

3

95eaf56704...98.xll

windows7-x64

7

95eaf56704...98.xll

windows10-2004-x64

Sharing

General

Target

95eaf567046e52488fff8b37531afc7a5b4f391bd66ac46a456e7a4cff715198
Size

12KB
Sample

240523-bnktlsgb7v
MD5

fe908cfe97274ea66ed2a5b05d3ec0f4
SHA1

7a04aeb78f065ffae68e69164a09e33ab340a058
SHA256

95eaf567046e52488fff8b37531afc7a5b4f391bd66ac46a456e7a4cff715198
SHA512

aacfb3204da6387e2b0c5d5982fa9881b8aa1257bd450490decce0c79ad60c093b551795baf8e19d9193228ed3037ec71b957ec8ed4a2b171de3144b875991fb
SSDEEP

192:/L29RBzDzeobchBj8JONkON5RoruKrEPEjr7AhH:T29jnbcvYJONCuKvr7CH

Score

10^/10

execution

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

95eaf567046e52488fff8b37531afc7a5b4f391bd66ac46a456e7a4cff715198.xll

Resource

win7-20231129-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

95eaf567046e52488fff8b37531afc7a5b4f391bd66ac46a456e7a4cff715198.xll

Resource

win10v2004-20240226-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  95eaf567046e52488fff8b37531afc7a5b4f391bd66ac46a456e7a4cff715198
- Size
  
  12KB
- MD5
  
  fe908cfe97274ea66ed2a5b05d3ec0f4
- SHA1
  
  7a04aeb78f065ffae68e69164a09e33ab340a058
- SHA256
  
  95eaf567046e52488fff8b37531afc7a5b4f391bd66ac46a456e7a4cff715198
- SHA512
  
  aacfb3204da6387e2b0c5d5982fa9881b8aa1257bd450490decce0c79ad60c093b551795baf8e19d9193228ed3037ec71b957ec8ed4a2b171de3144b875991fb
- SSDEEP
  
  192:/L29RBzDzeobchBj8JONkON5RoruKrEPEjr7AhH:T29jnbcvYJONCuKvr7CH
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy