Extracted

• • Target

    29.exe

  • Size

    319KB

  • MD5

    e8e59836a0fe2dfebcbde148711b5d56

  • SHA1

    cd8fbf0dcdd429c06c80b124caf574334504e99a

  • SHA256

    2960a2d4d2fd6b7b85b8e3ea4c86ec0c13b93bfd3754a7e772a2c74f564b0009

  • SHA512

    0d0673c64f9e9e1c75e10ce6d02c4b5530831d1659ada88acf951e2bcbd56c38f0c59674b3eb7837fd882b23499eb350f2925fd67d3fdf51992d9a4312a02309

  • SSDEEP

    6144:CZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6BJXCcOS8W78U2kGHF4143nip:kANwRo+mv8QD4+0V167XDOSDN2JF41me

  Score

  10^/10

  defense_evasiondiscoveryexecution

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Window

    Windows that would typically be displayed when an application carries out an operation can be hidden.

    defense_evasion
  behavioral1behavioral2