General
-
Target
c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9.exe
-
Size
712KB
-
Sample
240523-cfxzmshg2w
-
MD5
34d1fa82399358cfc800d7b2a1d3aa13
-
SHA1
0d5c2fbd348ad21b0ff0b0edfb53b88a9b9f5dcc
-
SHA256
c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9
-
SHA512
56600eae8804c19e88c7add071d0f12357c677dc62ea3fd4b5c26bbf5d29820c38b75bf2c390b2971cb72b7b2410fb5b4c875157800db7fa37fe3f8b05f42629
-
SSDEEP
12288:ZLrBpc/5B2NHSV2nR2R0vOhJYfT8Z6Y5qm2SP9A4ThhVHTjWSutqokR:NXc/r6HV20vOh+7Nm3RthVHfW1w
Static task
static1
Behavioral task
behavioral1
Sample
c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9.exe
-
Size
712KB
-
MD5
34d1fa82399358cfc800d7b2a1d3aa13
-
SHA1
0d5c2fbd348ad21b0ff0b0edfb53b88a9b9f5dcc
-
SHA256
c51a6649c394fff8566dd845ed8b2f11b4adfa57486a9d16d645eebedc0605d9
-
SHA512
56600eae8804c19e88c7add071d0f12357c677dc62ea3fd4b5c26bbf5d29820c38b75bf2c390b2971cb72b7b2410fb5b4c875157800db7fa37fe3f8b05f42629
-
SSDEEP
12288:ZLrBpc/5B2NHSV2nR2R0vOhJYfT8Z6Y5qm2SP9A4ThhVHTjWSutqokR:NXc/r6HV20vOh+7Nm3RthVHfW1w
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-