General

  • Target

    DRAFT 99577590.exe

  • Size

    819KB

  • Sample

    240606-sxw2nsgh96

  • MD5

    dfbb5e29cc55df4682deb2d5e42312c4

  • SHA1

    20dd5329681c1fca920e25ea81d22f297c30e215

  • SHA256

    5caf4d51607ec725eef603be7bad886205f02225cc6adaf43234203d3fd43d4d

  • SHA512

    be70c30415e07a3eb36725a1fbb0c5a13d12f6c0f1b78f3e93a599269bb467e93735d8d1fed7b661cc01d6c1196ee31636945c82fbbd633f934551ea6197350e

  • SSDEEP

    24576:tR7C3c6HkGbmzXBpLAO4pJ7YlgtY+VTAC:thWfuxVA7bklgtY+VTA

Score
8/10

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks