General
-
Target
IMG__12724.exe
-
Size
704KB
-
Sample
240712-tm77ma1cml
-
MD5
a309f8839dd6e219d8cd485cc399e3a2
-
SHA1
f77aca108b45144c7ae32d76dd1a032a6e6353fd
-
SHA256
d270c8a2103434ec8902b1d192f8907c2a36389e7657fca3dec2cfd5bbeaa917
-
SHA512
1d155f98962cf1401c821d3514ca19fde9caaf1afdf120c7fffd1743f76d2a6bb02c48d1fb4934e6943092f230318b411cb824b0097728d4afc008c65ab22931
-
SSDEEP
12288:Dd2iNzBRy3VetjsTkniznIIIoiL227v1HJw8IPesy:Dd1PjNcIoo20HJw8qO
Static task
static1
Behavioral task
behavioral1
Sample
IMG__12724.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
IMG__12724.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
IMG__12724.exe
-
Size
704KB
-
MD5
a309f8839dd6e219d8cd485cc399e3a2
-
SHA1
f77aca108b45144c7ae32d76dd1a032a6e6353fd
-
SHA256
d270c8a2103434ec8902b1d192f8907c2a36389e7657fca3dec2cfd5bbeaa917
-
SHA512
1d155f98962cf1401c821d3514ca19fde9caaf1afdf120c7fffd1743f76d2a6bb02c48d1fb4934e6943092f230318b411cb824b0097728d4afc008c65ab22931
-
SSDEEP
12288:Dd2iNzBRy3VetjsTkniznIIIoiL227v1HJw8IPesy:Dd1PjNcIoo20HJw8qO
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Scripting
1Persistence
Event Triggered Execution
1Accessibility Features
1Scheduled Task/Job
1Scheduled Task
1