6b393d3b18723dc892ebde8229d7e6efc61a8bee71b22fe717e2e1b109eb3976 | Triage

Sharing

General

Target

cpdata
Size

812KB
Sample

240825-whfb6awfpg
MD5

36a76a95fdf4a51451f8936aada5f03b
SHA1

b6855aef1d5946c050b12764ab4cf02c3c2725c1
SHA256

6b393d3b18723dc892ebde8229d7e6efc61a8bee71b22fe717e2e1b109eb3976
SHA512

550bfd09ace7ca5e223f0e60e032e11dd41dab71ce25477afd114d50f277d67d524915a365ef17b7d6580e213de80d5ffbff35a06f1dc7aa0c397edf644939fe
SSDEEP

12288:55+Hq9mCIVBg0iXlbKai0qtsJdRxG/1uQ2vVfpaDMrJ4raKUmt7W08uBFztgfHr:D+Hq9mBCXlbKassG/oJ9BalOKT7vBjg

Score

8^/10

execution

Malware Config

Targets

- Target
  
  cpdata
- Size
  
  812KB
- MD5
  
  36a76a95fdf4a51451f8936aada5f03b
- SHA1
  
  b6855aef1d5946c050b12764ab4cf02c3c2725c1
- SHA256
  
  6b393d3b18723dc892ebde8229d7e6efc61a8bee71b22fe717e2e1b109eb3976
- SHA512
  
  550bfd09ace7ca5e223f0e60e032e11dd41dab71ce25477afd114d50f277d67d524915a365ef17b7d6580e213de80d5ffbff35a06f1dc7aa0c397edf644939fe
- SSDEEP
  
  12288:55+Hq9mCIVBg0iXlbKai0qtsJdRxG/1uQ2vVfpaDMrJ4raKUmt7W08uBFztgfHr:D+Hq9mBCXlbKassG/oJ9BalOKT7vBjg
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1