84deede63e52ad9249ab9907c8adb40cf822c95d2a7057da3efd72784266b797 | Triage

Submit
Reports

Overview

overview

Static

static

3

número de...df.exe

windows7-x64

número de...df.exe

windows10-2004-x64

Sharing

General

Target

número de pedido 012779-pdf.exe
Size

756KB
Sample

240523-wzxb1abf7x
MD5

67e15999c73fb5a9119e74db15dcbf0e
SHA1

821f318b7db0812f051323578b3ef1c7c7f5797c
SHA256

84deede63e52ad9249ab9907c8adb40cf822c95d2a7057da3efd72784266b797
SHA512

deffc9ee169602d0dfdcdec8b9a74b7bd2dac285eb26bf1ec145d453443617d0f68c619ff07bc0a473c2bbdac338d12a8ce799b0d85f2b8394622a7ce1afd460
SSDEEP

12288:R+D/Pu1N9o7g5lEPg1uJZbCPJMXj/tHxxuVGBDZsmahI9ZE2Zpxwp+BL:R+jub0S2Pg1wbCP2TVXuGWeE2ZpxU+J

Score

10^/10

evasion execution trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

número de pedido 012779-pdf.exe

Resource

win7-20240221-en

evasion execution trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

número de pedido 012779-pdf.exe

Resource

win10v2004-20240508-en

evasion execution trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  número de pedido 012779-pdf.exe
- Size
  
  756KB
- MD5
  
  67e15999c73fb5a9119e74db15dcbf0e
- SHA1
  
  821f318b7db0812f051323578b3ef1c7c7f5797c
- SHA256
  
  84deede63e52ad9249ab9907c8adb40cf822c95d2a7057da3efd72784266b797
- SHA512
  
  deffc9ee169602d0dfdcdec8b9a74b7bd2dac285eb26bf1ec145d453443617d0f68c619ff07bc0a473c2bbdac338d12a8ce799b0d85f2b8394622a7ce1afd460
- SSDEEP
  
  12288:R+D/Pu1N9o7g5lEPg1uJZbCPJMXj/tHxxuVGBDZsmahI9ZE2Zpxwp+BL:R+jub0S2Pg1wbCP2TVXuGWeE2ZpxU+J
Score

10^/10

evasion execution trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Looks for VirtualBox Guest Additions in registry
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionexecutiontrojan

behavioral2

evasionexecutiontrojan

© 2018-2024

Terms | Privacy