General

  • Target

    7a285458817660143004002c76b1e1457666b1659dfbd35863541f62630430d0

  • Size

    322KB

  • Sample

    240714-grq3payglp

  • MD5

    3a2ba5be087162cfdb5d49ac32edd534

  • SHA1

    879043e2954c4cf7f461c1381ae2a943d71bbaef

  • SHA256

    7a285458817660143004002c76b1e1457666b1659dfbd35863541f62630430d0

  • SHA512

    ba8dba7d1cd39b00cf6ee894809b1c09a3f72484d6dafb4ff2b2663d29247baf0565dfc3e4f0bcccb78138ffca59e9c56579485244d00f5b1bc69cfedb1c024a

  • SSDEEP

    6144:CZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6BLGx1d0RjzV5Pnz63LLHBNy:kANwRo+mv8QD4+0V16xblLPkLLhNy

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.mail.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    9b0P96R6nBreNQrU3Cte

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.
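
The extracted SMTP configuration above and the behaviour signatures in this list can be re-derived from a process trace. The script below is an added example, not the sandbox's own rule set: it replays a constructed, simplified API-trace (a list of dicts with a "kind" field, a layout invented here) and reports which of the report's signatures fire. The regular expressions, the assumption that the location check reads the Geo\Nation key, and the extra label "Connects to extracted SMTP C2" are all this example's own; the username is redacted on the page, so only host and port are matched.

```python
"""
Replay a constructed process trace against the behaviour signatures listed in
the report.  Added example: the event model and the sample trace are invented
here to mirror the report's findings; they are not sandbox output.
"""
import re

# Extracted configuration from the report (username redacted on the page).
EXTRACTED_C2 = {"protocol": "smtp", "host": "smtp.mail.ru", "port": 587}

# Assumed indicators for each signature.  The Geo\Nation key is the usual
# location of the Windows GeoID; the report does not name the exact key read.
HIDDEN_PS = re.compile(r"powershell(?:\.exe)?\b.*-w(?:indowstyle)?\s+h(?:idden)?", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I)
UNINSTALL = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)


def detect(trace):
    """Walk the trace once and return {signature_name: [evidence, ...]}."""
    hits = {}
    dropped = set()  # lower-cased paths of executables the sample wrote

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in trace:
        kind = ev["kind"]
        if kind == "filewrite":
            if ev["path"].lower().endswith(".exe"):
                dropped.add(ev["path"].lower())
        elif kind == "process":
            cmd = ev.get("cmdline", "")
            if HIDDEN_PS.search(cmd):
                hit("Command and Scripting Interpreter: PowerShell", cmd)
                hit("Hide Artifacts: Hidden Window", cmd)
            if ev["image"].lower() in dropped:
                hit("Executes dropped EXE", ev["image"])
        elif kind == "regset":
            if RUN_KEY.search(ev["key"]):
                hit("Adds Run key to start application", f'{ev["key"]} = {ev["value"]}')
        elif kind == "regquery":
            if GEO_NATION.search(ev["key"]):
                hit("Checks computer location settings", ev["key"])
            if UNINSTALL.search(ev["key"]):
                hit("Checks installed software on the system", ev["key"])
        elif kind == "netconn":
            if (ev["dst_host"].lower() == EXTRACTED_C2["host"]
                    and ev["dst_port"] == EXTRACTED_C2["port"]):
                # Our own label; not one of the report's signature names.
                hit("Connects to extracted SMTP C2", f'{ev["dst_host"]}:{ev["dst_port"]}')
    return hits


# Constructed trace mirroring the report's behaviours, plus two benign events
# (a visible PowerShell run and an HTTPS connection) that must not match.
SAMPLE_TRACE = [
    {"kind": "process", "pid": 1, "image": r"C:\Users\victim\Desktop\sample.exe",
     "cmdline": "sample.exe"},
    {"kind": "regquery", "pid": 1, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "regquery", "pid": 1,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    {"kind": "filewrite", "pid": 1, "path": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"kind": "regset", "pid": 1,
     "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost",
     "value": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"kind": "process", "pid": 2, "parent": 1,
     "image": r"C:\Users\victim\AppData\Roaming\svchost.exe", "cmdline": "svchost.exe"},
    {"kind": "process", "pid": 3, "parent": 2,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -Command "Start-Sleep 5"'},
    {"kind": "process", "pid": 4, "parent": 1,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -Command Get-Date"},
    {"kind": "netconn", "pid": 2, "dst_host": "smtp.mail.ru", "dst_port": 587},
    {"kind": "netconn", "pid": 1, "dst_host": "www.microsoft.com", "dst_port": 443},
]

if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_TRACE).items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"      {item}")
```

Running the script lists all five signatures from the report plus the hidden-window indicator and the C2 match, each with the event that triggered it; the visible `Get-Date` PowerShell run and the HTTPS connection produce nothing, which is the check a practitioner wants before trusting a rule set on real traces.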

MITRE ATT&CK Enterprise v15