General
-
Target
7e052903db8c20022280f156834b9af172c7877b7253104562f77d61f8c3de6a.exe
-
Size
2.0MB
-
Sample
240527-rh1wmsgc52
-
MD5
20d1a291ba22e0d37ba1c9ef7c4f2a8e
-
SHA1
977deb9b18a8599aac68cfd86fd95219a54fc8c4
-
SHA256
7e052903db8c20022280f156834b9af172c7877b7253104562f77d61f8c3de6a
-
SHA512
662369dcf70c1abe0142a139f950df672d62b3dbda910a804b6ef6a76280fa543aba4d1a9e52bea1584cdc0c674110b7a11fb0948be82e27c77e92b465f16d42
-
SSDEEP
24576:2y2KxiKAGfq78Qh7zCIU1D6hynUlAqFzATZAguEkVm2nc6DKcPGsiSbBydwBFrUm:2K1WlU1D6hk8RFzAZ5+m21Kc+sPbVT
Static task
static1
Behavioral task
behavioral1
Sample
7e052903db8c20022280f156834b9af172c7877b7253104562f77d61f8c3de6a.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7e052903db8c20022280f156834b9af172c7877b7253104562f77d61f8c3de6a.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
7e052903db8c20022280f156834b9af172c7877b7253104562f77d61f8c3de6a.exe
-
Score
10/10
-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Scheduled Task/Job (1)