Extracted

Extracted

• • Target

    92bbfd4193f3b7cec24b76f4a9b868802b1a4c9d453743740cc228ae8ed65074

  • Size

    11KB

  • MD5

    12aca2637f3ce00c611462b2c663f9c1

  • SHA1

    23349f9d04fb1079b5f0a6a6338f336fc11ec71d

  • SHA256

    92bbfd4193f3b7cec24b76f4a9b868802b1a4c9d453743740cc228ae8ed65074

  • SHA512

    34faca763e8d808cc44b901188cfab0513cc24de3345bea9a2610c6ac029f98ae7e694131022196bf8ceb7e0f3dbe145219b707e3a6cad1a44321708f754a343

  • SSDEEP

    192:aussJcQAZ3I4QoSo9boKtO9hOiF+WsuWOJr+Bn4rFFewOgU76mAxPvVF:aussJcQAZ3I4vSWbftO9EG+luJrW4rFP

  Score

  10^/10

  executiondefense_evasionpersistence

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  behavioral1behavioral2