General
- Target: número de pedido 012779-pdf.exe
- Size: 756KB
- Sample: 240523-wzxb1abf7x
- MD5: 67e15999c73fb5a9119e74db15dcbf0e
- SHA1: 821f318b7db0812f051323578b3ef1c7c7f5797c
- SHA256: 84deede63e52ad9249ab9907c8adb40cf822c95d2a7057da3efd72784266b797
- SHA512: deffc9ee169602d0dfdcdec8b9a74b7bd2dac285eb26bf1ec145d453443617d0f68c619ff07bc0a473c2bbdac338d12a8ce799b0d85f2b8394622a7ce1afd460
- SSDEEP: 12288:R+D/Pu1N9o7g5lEPg1uJZbCPJMXj/tHxxuVGBDZsmahI9ZE2Zpxwp+BL:R+jub0S2Pg1wbCP2TVXuGWeE2ZpxU+J
Static task: static1
Behavioral task: behavioral1
- Sample: número de pedido 012779-pdf.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Looks for VirtualBox Guest Additions in registry
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandbox environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandbox environments.
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation:
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion:
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (5)
- Virtualization/Sandbox Evasion (2)