ed2020d0ae7e0775f1b543853838940a346a66b9152231abcbf1b96f8e33df1a | Triage

Sharing

General

Target

ed2020d0ae7e0775f1b543853838940a346a66b9152231abcbf1b96f8e33df1a.exe
Size

655KB
Sample

240723-e59e3sybnp
MD5

5212abae5e9509caaa31d90e15128564
SHA1

09174744bcdc80958834cf0dfd7be803a6edc631
SHA256

ed2020d0ae7e0775f1b543853838940a346a66b9152231abcbf1b96f8e33df1a
SHA512

a64b48c92f2ebd36677682d799ab979a9610989d4a3de642d50d28d68a37a2d1782b7fece45105391cbcbec18d08d943a066cae9a5ab614f99a99d5a21b67b97
SSDEEP

12288:CkHFr94isGpnPXlWAfw94QvtZ2M/8fIYzx+QIulnQj3m5BEV52pkR:zHFr9hPffwuQvtZ2M/CIQIulQj3m0720

Score

8^/10

execution

Malware Config

Targets

- Target
  
  ed2020d0ae7e0775f1b543853838940a346a66b9152231abcbf1b96f8e33df1a.exe
- Size
  
  655KB
- MD5
  
  5212abae5e9509caaa31d90e15128564
- SHA1
  
  09174744bcdc80958834cf0dfd7be803a6edc631
- SHA256
  
  ed2020d0ae7e0775f1b543853838940a346a66b9152231abcbf1b96f8e33df1a
- SHA512
  
  a64b48c92f2ebd36677682d799ab979a9610989d4a3de642d50d28d68a37a2d1782b7fece45105391cbcbec18d08d943a066cae9a5ab614f99a99d5a21b67b97
- SSDEEP
  
  12288:CkHFr94isGpnPXlWAfw94QvtZ2M/8fIYzx+QIulnQj3m5BEV52pkR:zHFr9hPffwuQvtZ2M/CIQIulQj3m0720
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2