5e117147b3d77322d3f7780f2a341a2f1a7d3a15e5724ceb5138165ba2d167a8 | Triage

Sharing

General

Target

5e117147b3d77322d3f7780f2a341a2f1a7d3a15e5724ceb5138165ba2d167a8.exe
Size

681KB
Sample

240529-bvvx6adf75
MD5

5a2af74d7946dfbe0db9944ad2daba95
SHA1

c89cbd628b1c534c7297aec89af9749ce1090b07
SHA256

5e117147b3d77322d3f7780f2a341a2f1a7d3a15e5724ceb5138165ba2d167a8
SHA512

f27d3b1b59f60a2cddc0a3778572711de6329c1231ba9c6e4fb9ad490dbe14da97201b950f713d7a0100b0103547873fe92ec51263eb7093052d76bd8d801f43
SSDEEP

12288:8uDrYCFd6xvWiG0OyLs1SLwcM/yVAfXmBHuAVAMjZAubVO0lTFvNQyd:J81xvWGOyL+cnVAguAHF

Score

8^/10

execution

Malware Config

Targets

- Target
  
  5e117147b3d77322d3f7780f2a341a2f1a7d3a15e5724ceb5138165ba2d167a8.exe
- Size
  
  681KB
- MD5
  
  5a2af74d7946dfbe0db9944ad2daba95
- SHA1
  
  c89cbd628b1c534c7297aec89af9749ce1090b07
- SHA256
  
  5e117147b3d77322d3f7780f2a341a2f1a7d3a15e5724ceb5138165ba2d167a8
- SHA512
  
  f27d3b1b59f60a2cddc0a3778572711de6329c1231ba9c6e4fb9ad490dbe14da97201b950f713d7a0100b0103547873fe92ec51263eb7093052d76bd8d801f43
- SSDEEP
  
  12288:8uDrYCFd6xvWiG0OyLs1SLwcM/yVAfXmBHuAVAMjZAubVO0lTFvNQyd:J81xvWGOyL+cnVAguAHF
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2