General
-
Target
3f1414acc122559e44c9760949639fa6.bin
-
Size
1.6MB
-
Sample
240604-bz4qvsgg3v
-
MD5
48d32d0d9a092589ff01d31730db03d5
-
SHA1
41ccd24bbeef17aab2bc9e20f553222a77ac153e
-
SHA256
d6eed977741825badacec5402690aab5ee64622e405102d7e88a38c5b615fdf1
-
SHA512
4d37ddb8863de2dc3064a488ed96c29352d43f40fbd965ab91b1ad4b421d3fff0aba0bb79a33f2cb849f88db773968ed05315d83dacf6dd08053aa6ed60fd1e1
-
SSDEEP
24576:cppuL/hwYjr8EDt6nDek7mDnFIf6hnpq/v3gUYZtYqlLMxk21Q1sfVri/4sFJ:c25wQ8EYnDJ0GwnpitGY8LM+21QGNunJ
Static task
static1
Behavioral task
behavioral1
Sample
a2f115298e7e2a6641f1af6447139aae7a272396e05255cf3f46aad126095168.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a2f115298e7e2a6641f1af6447139aae7a272396e05255cf3f46aad126095168.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
a2f115298e7e2a6641f1af6447139aae7a272396e05255cf3f46aad126095168.exe
-
Size
2.1MB
-
MD5
3f1414acc122559e44c9760949639fa6
-
SHA1
b2e9d49489ded5b9ed2e77d273047381e21657b9
-
SHA256
a2f115298e7e2a6641f1af6447139aae7a272396e05255cf3f46aad126095168
-
SHA512
eff86d7fb57e5644d10d5cf80d82db3c611563795334c863218aacae7e5c1bf2c1cf42e36fd63f276762df9d16da5b5888651da704f91ecee9f1d02093a882d3
-
SSDEEP
49152:IBJ0k1H8oajdVSBlwRh8QniHqyxLfNDNTHS:yGk1idXNCqyxLfvHS
Score10/10-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1