acfd25c6d649700c11b88e4604130047b0ff50fabbcac38df05f3552ef9a5294 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

Change_Background.exe

windows10-2004-x64

7

Resubmissions

25/05/2024, 15:52

240525-ta6s2ahf5w 3

25/05/2024, 15:51

240525-tam1xshf3z 3

25/05/2024, 15:45

240525-s7hxsshe3y 7

Sharing

Copy URL Twitter E-mail

General

Target

Change_Background.exe
Size

35KB
Sample

240525-s7hxsshe3y
MD5

25864fb7c93e7e94b29b34859ac97d06
SHA1

7622ced4991cc95c99e4093d0eef2f6f2f436134
SHA256

acfd25c6d649700c11b88e4604130047b0ff50fabbcac38df05f3552ef9a5294
SHA512

683b5b95ed6c0eb584458449d1a5006638f28cb1f8693344c0ed289a15ae14b31f9ba2442394a8797df7e25439f6f0ede52bfbfcb207757b38d38c042f4f0e0e
SSDEEP

384:qxiHABz9q3FxmHu+JjOdumeuZwNPs5eg1a3C2K9RBbzJ9CE9a6cpMQiW4zmkZXOa:qCIFqe6KCb/RzhXbOfq1hkyIK

Score

7^/10

discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Change_Background.exe

Resource

win10v2004-20240426-en

discovery persistence

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  Change_Background.exe
- Size
  
  35KB
- MD5
  
  25864fb7c93e7e94b29b34859ac97d06
- SHA1
  
  7622ced4991cc95c99e4093d0eef2f6f2f436134
- SHA256
  
  acfd25c6d649700c11b88e4604130047b0ff50fabbcac38df05f3552ef9a5294
- SHA512
  
  683b5b95ed6c0eb584458449d1a5006638f28cb1f8693344c0ed289a15ae14b31f9ba2442394a8797df7e25439f6f0ede52bfbfcb207757b38d38c042f4f0e0e
- SSDEEP
  
  384:qxiHABz9q3FxmHu+JjOdumeuZwNPs5eg1a3C2K9RBbzJ9CE9a6cpMQiW4zmkZXOa:qCIFqe6KCb/RzhXbOfq1hkyIK
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2025

Terms | Privacy