db50263b378969e4663df551b90d0f3bcbe54d4dbe449470e9ada4e0bcbe17cb | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

db50263b378969e4663df551b90d0f3bcbe54d4dbe449470e9ada4e0bcbe17cb
Size

12KB
Sample

240523-cd578shf31
MD5

e2c96e1c76c535777922a3468f264bee
SHA1

0182ae606cad5850248fb3f8fd6060514e244a91
SHA256

db50263b378969e4663df551b90d0f3bcbe54d4dbe449470e9ada4e0bcbe17cb
SHA512

3cc2de2336edb161e6c62c3b033b7db25a03b5db95a665470b8bc32b6fc2e3115c035aeff97e3880888507a2978e34019b7c00960a80fd44fb5390eb4aee4e64
SSDEEP

192:xL29RBzDzeobchBj8JONNONmru/UrEPEjr7Ahq:B29jnbcvYJO6Aucvr7Cq

Score

10^/10

execution

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

db50263b378969e4663df551b90d0f3bcbe54d4dbe449470e9ada4e0bcbe17cb.xll

Resource

win10v2004-20240508-en

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

db50263b378969e4663df551b90d0f3bcbe54d4dbe449470e9ada4e0bcbe17cb.xll

Resource

win11-20240419-en

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Extracted

Language

xlm4.0

Source

Targets

- Target
  
  db50263b378969e4663df551b90d0f3bcbe54d4dbe449470e9ada4e0bcbe17cb
- Size
  
  12KB
- MD5
  
  e2c96e1c76c535777922a3468f264bee
- SHA1
  
  0182ae606cad5850248fb3f8fd6060514e244a91
- SHA256
  
  db50263b378969e4663df551b90d0f3bcbe54d4dbe449470e9ada4e0bcbe17cb
- SHA512
  
  3cc2de2336edb161e6c62c3b033b7db25a03b5db95a665470b8bc32b6fc2e3115c035aeff97e3880888507a2978e34019b7c00960a80fd44fb5390eb4aee4e64
- SSDEEP
  
  192:xL29RBzDzeobchBj8JONNONmru/UrEPEjr7Ahq:B29jnbcvYJO6Aucvr7Cq
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy