ce88c9ff39d657e12a92a5f6c1c252647272c9c6412e6cc696b7232445e4a71f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f71a7de1dea2865d4f3bb725b86f9f60N.exe
Size

1.4MB
Sample

240823-tzpk2sxeqj
MD5

f71a7de1dea2865d4f3bb725b86f9f60
SHA1

54087afe8e0c8a7877540c58acf8b498e526e0f5
SHA256

ce88c9ff39d657e12a92a5f6c1c252647272c9c6412e6cc696b7232445e4a71f
SHA512

6a1e9a6693969ad2c08babc0253c413e4a8dca113b41482b7f1ffdd30de317279f99d5ca158b7b58e614f83799f7767b2754ecd1a1f1127e88346a0b6d6897d4
SSDEEP

24576:CZkcYXy6jbvkEhkmWbay5h1XYQOQQ5rtwD24BXcO9hbj0d:CZkDjbJkmu1XYn7/wyVebj

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  f71a7de1dea2865d4f3bb725b86f9f60N.exe
- Size
  
  1.4MB
- MD5
  
  f71a7de1dea2865d4f3bb725b86f9f60
- SHA1
  
  54087afe8e0c8a7877540c58acf8b498e526e0f5
- SHA256
  
  ce88c9ff39d657e12a92a5f6c1c252647272c9c6412e6cc696b7232445e4a71f
- SHA512
  
  6a1e9a6693969ad2c08babc0253c413e4a8dca113b41482b7f1ffdd30de317279f99d5ca158b7b58e614f83799f7767b2754ecd1a1f1127e88346a0b6d6897d4
- SSDEEP
  
  24576:CZkcYXy6jbvkEhkmWbay5h1XYQOQQ5rtwD24BXcO9hbj0d:CZkDjbJkmu1XYn7/wyVebj
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence