General

  • Target: DOWNLOAD_FISCALIA.7z.TAR
  • Size: 3.6MB
  • Sample: 240608-x2fygafa51
  • MD5: a3f0035f031d29176da9b625e9f2bc5c
  • SHA1: e1dd6d44b4fafe8859ce3719a19ff77d20a3fc8d
  • SHA256: 0eecc02ff7006649bb121c4d633a2390df030922aa6a90bf86532ff88579e438
  • SHA512: 2018d0aca64b6be492f78afef0c98b7bb708aa67fbf3bdddd0c933ef79e76e7dbdff430f6404c39c962f9c2d39d517b536925ef8ac290d64f05950ab0a4a0794
  • SSDEEP: 98304:L2oGCDpZqnOfrpvys5P2jpmRnzBQTjs0/2v:LpDfqnOfdvys59RlQTjs00

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs:
    exe.dropper: https://cdn.discordapp.com/attachments/1248657150990094369/1248657204006092810/Ated.vbs?ex=66647624&is=666324a4&hm=aea9cf7c4eb17264b568dd7b82f5c5863dda26b576184a36841fd087f223c924&

Targets

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.
