General
Target: c7e62994e4d9cbb42f7c6aad4fc9d2cf4bcf71bb55617e2b85c2cc572a48b225
Size: 3.2MB
Sample: 240614-ef3w1ayaml
MD5: e8833c2461a56bf3f9c5dcc9f8c10d52
SHA1: 38471edfcd9c0c44c48b20df6bfdf7b37b2386ef
SHA256: c7e62994e4d9cbb42f7c6aad4fc9d2cf4bcf71bb55617e2b85c2cc572a48b225
SHA512: 528acb2bbb5ff5fedc9bb167fb4f00a36d31cbe80456844a99b770fe5f4e383dd27bc214042837f823350d8fd8ab85a827dcb66619c8fb4c9307d04bc5805fc5
SSDEEP: 49152:cJZoQrbTFZY1iaxrLJpVCsLFH7Vo4IvhVMfQMlIdtrhjE613FH7Vo4IvhVMGL:ctrbTA1xrFH7VVGHRKEjxtFH7VVGHlL
Static task: static1
Behavioral task: behavioral1
  Sample: c7e62994e4d9cbb42f7c6aad4fc9d2cf4bcf71bb55617e2b85c2cc572a48b225.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: c7e62994e4d9cbb42f7c6aad4fc9d2cf4bcf71bb55617e2b85c2cc572a48b225.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Score: 8/10
- Modifies Installed Components in the registry
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)