143e0902549cc52134118e70d9d890ac9279cab6c6239cbe85468ea37ff47956 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

sharlotan5...99.mp4

windows10-2004-x64

8

Sharing

General

Target

sharlotan54_2023-06-15-01-37-14_1686775034399.mp4
Size

473KB
Sample

240611-w4p4gswhmr
MD5

25c252bc27cf7bc7997211bb9535b121
SHA1

d479ae3764bc55011710e1dacdcf835c3319ea04
SHA256

143e0902549cc52134118e70d9d890ac9279cab6c6239cbe85468ea37ff47956
SHA512

38980abb9f6236aab581bef062ac1a207501a7b12ed089ce2f24ee9c57e3d25bad1586e5302abdd5b9ccd65bccc4a1686646ac6d71a1e94ab080e5cc7361bece
SSDEEP

6144:dMWnHytWrDW2MfyJSluVKd8o+sUVTGiaO1KJivGpK/q5PpMfuvT938:dgOMfOVE+xVT5aJJieLRauy

Score

8^/10

execution

Static task

static1

Behavioral task

behavioral1

Sample

sharlotan54_2023-06-15-01-37-14_1686775034399.mp4

Resource

win10v2004-20240426-en

windows10-2004-x64

19 signatures

600 seconds

Malware Config

Targets

- Target
  
  sharlotan54_2023-06-15-01-37-14_1686775034399.mp4
- Size
  
  473KB
- MD5
  
  25c252bc27cf7bc7997211bb9535b121
- SHA1
  
  d479ae3764bc55011710e1dacdcf835c3319ea04
- SHA256
  
  143e0902549cc52134118e70d9d890ac9279cab6c6239cbe85468ea37ff47956
- SHA512
  
  38980abb9f6236aab581bef062ac1a207501a7b12ed089ce2f24ee9c57e3d25bad1586e5302abdd5b9ccd65bccc4a1686646ac6d71a1e94ab080e5cc7361bece
- SSDEEP
  
  6144:dMWnHytWrDW2MfyJSluVKd8o+sUVTGiaO1KJivGpK/q5PpMfuvT938:dgOMfOVE+xVT5aJJieLRauy
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy