Overview

overview

8

Static

static

1

sharlotan5...99.mp4

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sharlotan54_2023-06-15-01-37-14_1686775034399.mp4

  • Size

    473KB

  • Sample

    240611-w4p4gswhmr

  • MD5

    25c252bc27cf7bc7997211bb9535b121

  • SHA1

    d479ae3764bc55011710e1dacdcf835c3319ea04

  • SHA256

    143e0902549cc52134118e70d9d890ac9279cab6c6239cbe85468ea37ff47956

  • SHA512

    38980abb9f6236aab581bef062ac1a207501a7b12ed089ce2f24ee9c57e3d25bad1586e5302abdd5b9ccd65bccc4a1686646ac6d71a1e94ab080e5cc7361bece

  • SSDEEP

    6144:dMWnHytWrDW2MfyJSluVKd8o+sUVTGiaO1KJivGpK/q5PpMfuvT938:dgOMfOVE+xVT5aJJieLRauy

Score
8/10
execution

Malware Config

Targets

    • Target

      sharlotan54_2023-06-15-01-37-14_1686775034399.mp4

    • Size

      473KB

    • MD5

      25c252bc27cf7bc7997211bb9535b121

    • SHA1

      d479ae3764bc55011710e1dacdcf835c3319ea04

    • SHA256

      143e0902549cc52134118e70d9d890ac9279cab6c6239cbe85468ea37ff47956

    • SHA512

      38980abb9f6236aab581bef062ac1a207501a7b12ed089ce2f24ee9c57e3d25bad1586e5302abdd5b9ccd65bccc4a1686646ac6d71a1e94ab080e5cc7361bece

    • SSDEEP

      6144:dMWnHytWrDW2MfyJSluVKd8o+sUVTGiaO1KJivGpK/q5PpMfuvT938:dgOMfOVE+xVT5aJJieLRauy

    Score
    8/10
    execution

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks