General
Target: 13e933f23ff6163b6f9346dfcab1fbf5c079a77d4dcba23195294ec07b2e5db4
Size: 3.0MB
Sample: 240913-htecca1apc
MD5: b489b70e4957db0d6e31473699926a88
SHA1: 9704fe8eaafc4cd308db5059a824cba7154585e3
SHA256: 13e933f23ff6163b6f9346dfcab1fbf5c079a77d4dcba23195294ec07b2e5db4
SHA512: 5d20ad49483613804b683328a7b41553ca48147068e29805bb705f9cc00c6a3c0c78dcf91e38113a6d3eeb5228974e70865c78682a0949b118633cdf39f4eb1e
SSDEEP: 49152:LSiOJDGNcTSsbGTs6b5/M/UKzgXadbM0yvtuqR5jLzYGMA4LRZRsN:LSiOVScTpCDhXadpEzY6
Static task: static1
Behavioral task: behavioral1
  Sample: 13e933f23ff6163b6f9346dfcab1fbf5c079a77d4dcba23195294ec07b2e5db4.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 13e933f23ff6163b6f9346dfcab1fbf5c079a77d4dcba23195294ec07b2e5db4.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 13e933f23ff6163b6f9346dfcab1fbf5c079a77d4dcba23195294ec07b2e5db4 (3.0MB; hashes as listed under General)
Signatures:
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Event Triggered Execution: Component Object Model Hijacking: adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks system information in the registry: system information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
Privilege Escalation
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)