1d2c6dc364d6e2cfb42c03d8731119499a8914c28c41e83db9de568ed35c1787 | Triage

Sharing

General

Target

iw4x.exe
Size

2.0MB
Sample

240615-wf1v3staqj
MD5

c56b3749e634f947687fbc2431d7dacc
SHA1

2bb5934ae11cd6033adadd23844eb179762dc2f5
SHA256

1d2c6dc364d6e2cfb42c03d8731119499a8914c28c41e83db9de568ed35c1787
SHA512

32b8ca3c9a4b277a9656d071d7f750e961ea39c9349bb45e80ecf55f3ae0c01393edeee9b77f44184e7c83a87e8cca3dbf1060c2c0164fc98a7d8be5f4f2d2ce
SSDEEP

49152:s8Wh7ey2CXEkqykl1EEXz8knkYcFDZX5TkMMKCAQMx0LioYbLQNP:sVhsCU/lGEXzZcFtJTpM3AdwioYk

Score

7^/10

execution

Malware Config

Targets

- Target
  
  iw4x.exe
- Size
  
  2.0MB
- MD5
  
  c56b3749e634f947687fbc2431d7dacc
- SHA1
  
  2bb5934ae11cd6033adadd23844eb179762dc2f5
- SHA256
  
  1d2c6dc364d6e2cfb42c03d8731119499a8914c28c41e83db9de568ed35c1787
- SHA512
  
  32b8ca3c9a4b277a9656d071d7f750e961ea39c9349bb45e80ecf55f3ae0c01393edeee9b77f44184e7c83a87e8cca3dbf1060c2c0164fc98a7d8be5f4f2d2ce
- SSDEEP
  
  49152:s8Wh7ey2CXEkqykl1EEXz8knkYcFDZX5TkMMKCAQMx0LioYbLQNP:sVhsCU/lGEXzZcFtJTpM3AdwioYk
Score

7^/10

execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10
behavioral3 behavioral4
- Target
  
  $TEMP/tidy.bat
- Size
  
  5KB
- MD5
  
  0f87163cbdd0446b5324cce930be8c8b
- SHA1
  
  bbc7aa9471d7a89de11e1fcf83c6a7b654509293
- SHA256
  
  9a181f2597a6da871e10ea6d071726741634af68b2158edb649620c020d2bb0c
- SHA512
  
  727a3d9228121808871f8741bb0222ed29c7ab69b221b858efaf270a391266d6667b0897ee4aad3c446f38150f7bcb47ce3519c20878368909fe280f43825693
- SSDEEP
  
  96:gDLZsflaFNG3gAaeTd5r75DqIjnr1HikBKzac1HNkBCDbLAGlLAGlLADlGi2+I:+ZsNaL6h5r7tLxxBKzX2B0b0Gl0Gl0Dw
Score

1^/10
behavioral5 behavioral6
- Target
  
  $_4_/iw4x.exe
- Size
  
  4.0MB
- MD5
  
  5c42d7edad34b9a6fbc573699657f674
- SHA1
  
  d60025e895d661761204fa8ca9b347e625143ce1
- SHA256
  
  e8026dd43d348584034329610ca7691b7bef866142531382f1fb8155ea4f7269
- SHA512
  
  4e01e613e7b99fe0e18b4d7d04cc2ed221f4a0c3375da6fe1c9b1ae72aa2f419a721824b88cc3fc32bb05ff84bd3daf791eaeced5fafc363306f18e98ef3d9ae
- SSDEEP
  
  98304:yGH10A+iaKQciC2N1XsemQ3MGlv5bNEmlBV4qCxDlM:yGV0A+iaKFiC2N1XsvAB5DlslM
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8