General
-
Target
dsf32544r3.7z
-
Size
10.1MB
-
Sample
240822-ws5psstbjn
-
MD5
cf7e488dcf9e405e729def95b3dab08f
-
SHA1
dead5ea86c4909572a1bd98b70b022251c6560c2
-
SHA256
e5c1774599c40e4a003b4f03c2a8a98ec3f947d117ebc86196b18d53eb2a4e75
-
SHA512
1fef281468f7aed4146ce69cce355beca490026a80763047052488ce4b7fd0605a4533db44b935db843ea5753f2b92d7f2ac385bf82933301a9f15a821a8a695
-
SSDEEP
196608:Q6w7J2fCf62evOCUhNoxXoFdKRib+lW8ZGX04tvBZk40g0/td0sV5C2pGH90:Q6dfCNeLUXkYFdKRjlZ3ovxGH0M5C2pZ
Static task
static1
Behavioral task
behavioral1
Sample
File.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
File.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
File.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
File.exe
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
File.exe
-
Size
767.0MB
-
MD5
7f99c1fa551e6cf7571ebb68ce3ccc83
-
SHA1
8c613cbb870845f5091fd52c8d683adb45f5b807
-
SHA256
39b8a6b8801ce97feacb776557aa5bf10c91b17ba3020a8125ee6d9a2e92a2e5
-
SHA512
0e5242560161b825003585426d39be62094630804f0ca81fe87e9be323fb90cff9783a723638633cc39074759fba1b67ad2548339eddcaab1c586820770b386e
-
SSDEEP
49152:R5QjBYQHlV1zk0nd3g+il+xC6730Pp2NqDIRfxad+5mHuiKd+ZhO3Iu3X09mh:RqjKUTzJndQwxC673FM+fz+83X0A
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
Suspicious use of SetThreadContext
-