f161c9e2e19ce87e3546b548af50e580015c46ac53d8ea3bdbe67bb0159a8014 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

f161c9e2e1...4N.exe

windows7-x64

8

f161c9e2e1...4N.exe

windows10-2004-x64

8

Sharing

General

Target

f161c9e2e19ce87e3546b548af50e580015c46ac53d8ea3bdbe67bb0159a8014N.exe
Size

1.6MB
Sample

240925-1dk43asaqh
MD5

622c5261ea1ddc535ae501e235ab3680
SHA1

e4eae471d69197a8d275e0b2aa3491fb859d316a
SHA256

f161c9e2e19ce87e3546b548af50e580015c46ac53d8ea3bdbe67bb0159a8014
SHA512

d52df5697abc6324c9aa0076942dc5cb458d1d11667fde9f3135d6c79ba8be1101b45a174be220c87bcf20c2c8fe38f122d9bbacfb15a8a5782bebee416d0220
SSDEEP

12288:MwwwwwwwwwwwwwwfrxCrGbaL2Lp4rM17Pa:MwwwwwwwwwwwwwwA

Score

8^/10

discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f161c9e2e19ce87e3546b548af50e580015c46ac53d8ea3bdbe67bb0159a8014N.exe

Resource

win7-20240903-en

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

f161c9e2e19ce87e3546b548af50e580015c46ac53d8ea3bdbe67bb0159a8014N.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Targets

- Target
  
  f161c9e2e19ce87e3546b548af50e580015c46ac53d8ea3bdbe67bb0159a8014N.exe
- Size
  
  1.6MB
- MD5
  
  622c5261ea1ddc535ae501e235ab3680
- SHA1
  
  e4eae471d69197a8d275e0b2aa3491fb859d316a
- SHA256
  
  f161c9e2e19ce87e3546b548af50e580015c46ac53d8ea3bdbe67bb0159a8014
- SHA512
  
  d52df5697abc6324c9aa0076942dc5cb458d1d11667fde9f3135d6c79ba8be1101b45a174be220c87bcf20c2c8fe38f122d9bbacfb15a8a5782bebee416d0220
- SSDEEP
  
  12288:MwwwwwwwwwwwwwwfrxCrGbaL2Lp4rM17Pa:MwwwwwwwwwwwwwwA
Score

8^/10

discovery
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy