3220d05370089858afc641382a81dd7e36ee4ad2061addfaf9d70b966e20b718 | Triage

Sharing

General

Target

PqHR.exe
Size

703KB
Sample

240828-ygdhaavark
MD5

7f0bde5df6ebbdceeda83413fc738320
SHA1

0b56f2596dc7a7a98d0658fa713c390fc13e3b58
SHA256

3220d05370089858afc641382a81dd7e36ee4ad2061addfaf9d70b966e20b718
SHA512

65b54ebaeeb4738043de99d0b0426a734f1b5aef4b1060824f9483c61a68d71f3d7386e2673c8b6578f1decbd0d18ca31df3026101304b200e91770a2b3794d1
SSDEEP

12288:6mdn4uUeOJon2ftsknVYzi9FCqW+mizBu0LbDcrnsCQYF9eNQvnoj/TY9VNh6T+6:6gTOJCciUPFCqTmiVt/crnbF9eKnM0V/

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  PqHR.exe
- Size
  
  703KB
- MD5
  
  7f0bde5df6ebbdceeda83413fc738320
- SHA1
  
  0b56f2596dc7a7a98d0658fa713c390fc13e3b58
- SHA256
  
  3220d05370089858afc641382a81dd7e36ee4ad2061addfaf9d70b966e20b718
- SHA512
  
  65b54ebaeeb4738043de99d0b0426a734f1b5aef4b1060824f9483c61a68d71f3d7386e2673c8b6578f1decbd0d18ca31df3026101304b200e91770a2b3794d1
- SSDEEP
  
  12288:6mdn4uUeOJon2ftsknVYzi9FCqW+mizBu0LbDcrnsCQYF9eNQvnoj/TY9VNh6T+6:6gTOJCciUPFCqTmiVt/crnbF9eKnM0V/
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution