e224a25d4418ec2453cb3287fe13416b6a672de61f60341c77271fbb33870a55 | Triage

Sharing

General

Target

e224a25d4418ec2453cb3287fe13416b6a672de61f60341c77271fbb33870a55.exe
Size

716KB
Sample

240523-clrptaac26
MD5

9647d578b84e06709db03e8763b033d9
SHA1

854dd1d5a7e5f9f832a0b2094c53e9612b588764
SHA256

e224a25d4418ec2453cb3287fe13416b6a672de61f60341c77271fbb33870a55
SHA512

5da263aa9916b109617e96b6db9c0461f7610984c051bb4b69343165c7f5de500778ccf3bb16fbb28441792b91369a17e67335a8a21fc3c58576cbd906b72186
SSDEEP

12288:7d25fwSsBM/f4NQ5S2PP57BEnQQm3Gv9YnSq3RPUsIXybOnpw7yV8lbKuldpXyqd:7dtwTToQQm21k6sIP7mbKuTObycwGjle

Score

8^/10

execution

Malware Config

Targets

- Target
  
  e224a25d4418ec2453cb3287fe13416b6a672de61f60341c77271fbb33870a55.exe
- Size
  
  716KB
- MD5
  
  9647d578b84e06709db03e8763b033d9
- SHA1
  
  854dd1d5a7e5f9f832a0b2094c53e9612b588764
- SHA256
  
  e224a25d4418ec2453cb3287fe13416b6a672de61f60341c77271fbb33870a55
- SHA512
  
  5da263aa9916b109617e96b6db9c0461f7610984c051bb4b69343165c7f5de500778ccf3bb16fbb28441792b91369a17e67335a8a21fc3c58576cbd906b72186
- SSDEEP
  
  12288:7d25fwSsBM/f4NQ5S2PP57BEnQQm3Gv9YnSq3RPUsIXybOnpw7yV8lbKuldpXyqd:7dtwTToQQm21k6sIP7mbKuTObycwGjle
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2