dce64de620b212280d3c6ae529c51a9ce4dee56588b30899ab22ecf6c1474f4a | Triage

Sharing

General

Target

dce64de620b212280d3c6ae529c51a9ce4dee56588b30899ab22ecf6c1474f4a.exe
Size

2.8MB
Sample

240810-b7yjtazgll
MD5

9c557c498c29e5d37016400cf0899ac6
SHA1

ad920b902ae3e59a7a135ff814677951e8cf981b
SHA256

dce64de620b212280d3c6ae529c51a9ce4dee56588b30899ab22ecf6c1474f4a
SHA512

4593fa0c25a8350aade2ba99dd8c6ce9b886bd382dd59c7b176d5ac8d24aaed696b4eea4356dce5721b8bff39e7819c1b29baa7335766c3ed542008365d47b47
SSDEEP

49152:0D+RuR30+HB/E8Bvs53F9Frb5dy5/LF9bMjsy6INScBVLy3HYJxMmiWkYGu+UH8:Zw0+HB/E8Ba3F5dy5/LHbM4JIQcBVLy/

Score

10^/10

discovery

Malware Config

Targets

- Target
  
  dce64de620b212280d3c6ae529c51a9ce4dee56588b30899ab22ecf6c1474f4a.exe
- Size
  
  2.8MB
- MD5
  
  9c557c498c29e5d37016400cf0899ac6
- SHA1
  
  ad920b902ae3e59a7a135ff814677951e8cf981b
- SHA256
  
  dce64de620b212280d3c6ae529c51a9ce4dee56588b30899ab22ecf6c1474f4a
- SHA512
  
  4593fa0c25a8350aade2ba99dd8c6ce9b886bd382dd59c7b176d5ac8d24aaed696b4eea4356dce5721b8bff39e7819c1b29baa7335766c3ed542008365d47b47
- SSDEEP
  
  49152:0D+RuR30+HB/E8Bvs53F9Frb5dy5/LF9bMjsy6INScBVLy3HYJxMmiWkYGu+UH8:Zw0+HB/E8Ba3F5dy5/LHbM4JIQcBVLy/
Score

10^/10

discovery
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2