Extracted

• • Target

    6a59d71155aac8519594c7cc73ddb780N.exe

  • Size

    88KB

  • MD5

    6a59d71155aac8519594c7cc73ddb780

  • SHA1

    4fa2332e79c76bc9fd2fe36de05213a9843a365b

  • SHA256

    5e8e260bc0d6b53773465406ef57cdb5db590da90a631c1fdd338a7c2e8a047b

  • SHA512

    b6cee69db1692cd14a7fc57b3fa0360321222b4c73f44b6554246d36fea4c20494408a62bd86ba2fe550219fa45db3c83b2b8115ed7a2354f76876cf7bb3ef8e

  • SSDEEP

    1536:SI3e7O9I0NTxT4fG9afQZAfUBt7NUAewtB2OozjO28ZtMnP4LpX1clZHzXrPTF:j3UEI0NTxTMfQ+u7NUAewtMO+i28TMQg

  Score

  10^/10

  lateral_movement

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Legitimate hosting services abused for malware hosting/C2

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Remote Services: SMB/Windows Admin Shares

    Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

    lateral_movement
  behavioral1behavioral2