Extracted

Extracted

• • Target

    e1e3a3d82a5705bb3fb54b66b71ecb831292a0df6840b215a999cd960f297711.exe

  • Size

    504KB

  • MD5

    8b7ed745bf0d5f0eaa43940d9cdeab37

  • SHA1

    2916a90ce784cc380c03828dc5a15907d490be42

  • SHA256

    e1e3a3d82a5705bb3fb54b66b71ecb831292a0df6840b215a999cd960f297711

  • SHA512

    c731b0688ad792e4448ce6bd882a288757a949fd1cf645a6d93b36d1a1a4689f6e7f843edb1660bf0a63774ee795e054e4d443655f7144ac4a3fa35ad1737df3

  • SSDEEP

    12288:TLMEalqxXblqoRX5qbfphLxaOdRSRW4H4444Cbm:HqaXNabfphLxaSRSRW4H4444Cbm

  Score

  10^/10

  executiondefense_evasionpersistence

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  behavioral1behavioral2