023034cca9da6237539371b5b9ed642a7e27586f5908ee9cd400649665c22a40 | Triage

Sharing

General

Target

Shipping documentsInvoice and Packing List, Certificate of Origin.exe
Size

796KB
Sample

240803-h2mzfs1cnh
MD5

64aeff6b5ea5d45e1eb5494e683847b0
SHA1

0a2df2a4827003e76c49017870f460cc602189c4
SHA256

023034cca9da6237539371b5b9ed642a7e27586f5908ee9cd400649665c22a40
SHA512

a10b16b1dabb73df2c86c3ed635ac5aa32e40b5d289191552e6bc2e27690c6dd442f766eb11cc28808eae2524b663221acccf98ad86385841ceb756156d48b45
SSDEEP

24576:5CHtJNcJA+MsMDOJMe6AANIl4z3pQtiGs0q:UN9+M7e6AAClJ1s

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  Shipping documentsInvoice and Packing List, Certificate of Origin.exe
- Size
  
  796KB
- MD5
  
  64aeff6b5ea5d45e1eb5494e683847b0
- SHA1
  
  0a2df2a4827003e76c49017870f460cc602189c4
- SHA256
  
  023034cca9da6237539371b5b9ed642a7e27586f5908ee9cd400649665c22a40
- SHA512
  
  a10b16b1dabb73df2c86c3ed635ac5aa32e40b5d289191552e6bc2e27690c6dd442f766eb11cc28808eae2524b663221acccf98ad86385841ceb756156d48b45
- SSDEEP
  
  24576:5CHtJNcJA+MsMDOJMe6AANIl4z3pQtiGs0q:UN9+M7e6AAClJ1s
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution