General
Target: 04062024_0152_03062024_Quote Parts.zip
Size: 625KB
Sample: 240604-caqy5shc9w
MD5: 4274a6bd52ec6761e46537dddb53dd38
SHA1: f4c2d6ce1305e39046365b03ac806a68bbff3d5d
SHA256: 0ebb8fde500f89a41864c8f8dd7e926a205c4a0ec3e914e25e5af61208cddc40
SHA512: 97188fcf2fafaa7aa3b5d0132c3c6fa0537228201205c2273b0451c63294e0ccf5bb1b45195269b8d14edd33747379e93e6d44248dfb174cf34d04511a735680
SSDEEP: 12288:SJVqSzdcQLcSakWa/CcS00ACwMAB5jYnfvrGRcBQPYNhfBr3O:SJ3ZxVakWlWdRBynfvrGR2NtBr+
Static task: static1
Behavioral task: behavioral1
  Sample: Quote Parts/Quote Parts.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: Quote Parts/Quote Parts.exe
  Resource: win10v2004-20240508-en
Malware Config
-
Targets
Target: Quote Parts/Quote Parts.exe
Size: 638KB
MD5: bb0546305cb4aaa5a3c3021561122f8f
SHA1: cc861fa754e8c23141fadb6c20a5ea9d1fa574cc
SHA256: 478cc499c5197c2905ca3138f9eb42a6c9e60d6692a7e01018bff9e3b3ecc4f3
SHA512: 2fdbff7174c346dccc8e252158bfb14c23c399ba4916b1f8280ea12890f20337aa2b6beede77e67b798c663619bbf2144749034bcbd2c30b04b101b6a53d3c45
SSDEEP: 12288:/qjUTScSzdcOLcSaCWaZC6S0+AmwMAvPjY5NvrGRapCPYNh1Br62:/qATWZlVaCW5qhRv85NvrGRSN/BrD
Score: 10/10
- Adds policy Run key to start application
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)