b7b1e5a87a5f78858ce704e8279b24fad219b18af0bd504f922b072b52dcb675 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024000000025 scan_Fiyat Teklifi - 10523 2023935164- BUET 0%01%.exe
Size

748KB
Sample

240614-qacy6s1hnc
MD5

187e33a9adbf5e9631d4ec0d72fcd3cf
SHA1

262e3f28f656945a98d6dd6c25c0188cd008a6cd
SHA256

b7b1e5a87a5f78858ce704e8279b24fad219b18af0bd504f922b072b52dcb675
SHA512

29cdb49f9be57fdfd61bb83cf26a4f1382de5489650572e82c0f1a5120e40bfba24e51015585458ee2ec801b82c4240f3f33708be55f3c5adf7468929c5c860a
SSDEEP

12288:6L2iNPyCK2xrOo4FMXdibWXFW5MA6duJqmibsWeANJi2YbkD9ZMn+wC4aay:O15yC5pNAW1W5pJDPCN424u9ZMnm

Score

8^/10

execution

Malware Config

Targets

- Target
  
  2024000000025 scan_Fiyat Teklifi - 10523 2023935164- BUET 0%01%.exe
- Size
  
  748KB
- MD5
  
  187e33a9adbf5e9631d4ec0d72fcd3cf
- SHA1
  
  262e3f28f656945a98d6dd6c25c0188cd008a6cd
- SHA256
  
  b7b1e5a87a5f78858ce704e8279b24fad219b18af0bd504f922b072b52dcb675
- SHA512
  
  29cdb49f9be57fdfd61bb83cf26a4f1382de5489650572e82c0f1a5120e40bfba24e51015585458ee2ec801b82c4240f3f33708be55f3c5adf7468929c5c860a
- SSDEEP
  
  12288:6L2iNPyCK2xrOo4FMXdibWXFW5MA6duJqmibsWeANJi2YbkD9ZMn+wC4aay:O15yC5pNAW1W5pJDPCN424u9ZMnm
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2