444de55e0322c45cbd8e0c924ffd064314cd009fee90e2de7f6862bd79165c4d | Triage

Submit
Reports

Overview

overview

Static

static

3

444de55e03...4d.exe

windows7-x64

444de55e03...4d.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

444de55e0322c45cbd8e0c924ffd064314cd009fee90e2de7f6862bd79165c4d
Size

77KB
Sample

240611-z7lr1sscje
MD5

34b51f4259393363f4885d12c10ac423
SHA1

61c1078169c9e8f56bac877b27bf59714362358a
SHA256

444de55e0322c45cbd8e0c924ffd064314cd009fee90e2de7f6862bd79165c4d
SHA512

5fa618b87d5997bc1cc0c36de0a4f75f28bd27b75ad1893ba31b3a42c76ac7b3d11463eeb33b83f46956bbf82b5304ef5f538c0a07fac8300135942c2ed8769a
SSDEEP

1536:ekeK40T/mx7y9v7Z/Z2V/GSAFRfBhpVoKy:FD40Dmx7y9DZ/Z2hGVkKy

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

444de55e0322c45cbd8e0c924ffd064314cd009fee90e2de7f6862bd79165c4d.exe

Resource

win7-20240508-en

evasion persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

444de55e0322c45cbd8e0c924ffd064314cd009fee90e2de7f6862bd79165c4d.exe

Resource

win10v2004-20240611-en

evasion persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  444de55e0322c45cbd8e0c924ffd064314cd009fee90e2de7f6862bd79165c4d
- Size
  
  77KB
- MD5
  
  34b51f4259393363f4885d12c10ac423
- SHA1
  
  61c1078169c9e8f56bac877b27bf59714362358a
- SHA256
  
  444de55e0322c45cbd8e0c924ffd064314cd009fee90e2de7f6862bd79165c4d
- SHA512
  
  5fa618b87d5997bc1cc0c36de0a4f75f28bd27b75ad1893ba31b3a42c76ac7b3d11463eeb33b83f46956bbf82b5304ef5f538c0a07fac8300135942c2ed8769a
- SSDEEP
  
  1536:ekeK40T/mx7y9v7Z/Z2V/GSAFRfBhpVoKy:FD40Dmx7y9DZ/Z2hGVkKy
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy