dcda4d5b1eba2327c178aad5f4237e22934841cd6d7ad116c2cb1622d6e9673b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PO Copy_7854569.exe
Size

698KB
Sample

240523-qg8z7acf74
MD5

1a446464ce98784973a5e7bd13190a5b
SHA1

d4a5f07d3259338ec8ac7c84dc387dd0ea581b6b
SHA256

dcda4d5b1eba2327c178aad5f4237e22934841cd6d7ad116c2cb1622d6e9673b
SHA512

cb39b7dbcac0f6d1319ea70a589add07be9f2911e255dc21bb8364dfd36143283c8dacc444515ad0184d5bba2cdb37180d4325f57d7fa90060620292b0824783
SSDEEP

12288:e5dxtiqsXrn+yqXRYhJ6rRz4NxufdfwVfZohEViROrEn1FMG:e5pbsXrnowHdZohEAKED

Score

8^/10

execution

Malware Config

Targets

- Target
  
  PO Copy_7854569.exe
- Size
  
  698KB
- MD5
  
  1a446464ce98784973a5e7bd13190a5b
- SHA1
  
  d4a5f07d3259338ec8ac7c84dc387dd0ea581b6b
- SHA256
  
  dcda4d5b1eba2327c178aad5f4237e22934841cd6d7ad116c2cb1622d6e9673b
- SHA512
  
  cb39b7dbcac0f6d1319ea70a589add07be9f2911e255dc21bb8364dfd36143283c8dacc444515ad0184d5bba2cdb37180d4325f57d7fa90060620292b0824783
- SSDEEP
  
  12288:e5dxtiqsXrn+yqXRYhJ6rRz4NxufdfwVfZohEViROrEn1FMG:e5pbsXrnowHdZohEAKED
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2