4cf6420a44a75abd889dbccbbce49eab540bcd2ee7c8a75346ee6c910a98c6d2 | Triage

Sharing

General

Target

20082024090918082024MSCU5149009.7Z
Size

723KB
Sample

240820-m1v1ws1hql
MD5

db75a0af04e4cf6f1bd70f72e34ab169
SHA1

d26f1a63469ac2757913c50cb0967294547c5a5a
SHA256

4cf6420a44a75abd889dbccbbce49eab540bcd2ee7c8a75346ee6c910a98c6d2
SHA512

69d6142a46c55374448654ddb4f21f41a096ef068f73568be7aa7e48ffd4bbf7b7723ab3af47aad8cc7f63d755a5cc9a865f7b55391575723f4594bab1d90062
SSDEEP

12288:ttNrhcWBH8dAse2Z5YNevvfdsUm/ArNF4wSXmRqqUMXB2ZMdbq5HSt/OSt:phmdAsHOsHFOIrNKXXybXB2ZONt/Oi

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  MSCU5149009.exe
- Size
  
  772KB
- MD5
  
  aab0120a6b51c6ed13d3898a39873fad
- SHA1
  
  6170878e2a3c856a0eaa18c7e5794d09f447bfb5
- SHA256
  
  5c07ec6bee1771f53b2c52e01e8b2531c8991a71f927596cfccab590b7baffc0
- SHA512
  
  95af02a56cc7c5e2b082b7939ac4430857c26bafc92a84e07ad88a8ba964212b8aa3b3dfa007b49fcd12a0c33052245d4192fa9bd693f9a2985fb31d8621c893
- SSDEEP
  
  12288:kS8Vuk89Q7upy9iiRZYbfqa2uVpElpTcTkfq+OoRFPvz8q+zs0R6:0AD9UZYrqa5Gs2FXz8ho
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution