General
Target: 1ccfd551c7a5b7f1505518cf9c6025345df10c2efae174ba82405d8e98b3fa20N
Size: 517KB
Sample: 241103-sn27bswpct
MD5: 9f24bfee14b2d23fd4fda2da76961c80
SHA1: b2bc1eb33d7caabdbb50a947ab4b619feba47966
SHA256: 1ccfd551c7a5b7f1505518cf9c6025345df10c2efae174ba82405d8e98b3fa20
SHA512: 000f1d04b77336a876ffeea9cd3f4ac45619333b23cd40fefbf6761a82864695ee648bad67f3d7752b000d21f9743d51ff2bd2e4c3a153181d3b2d7b5601b0ba
SSDEEP: 12288:4MfzuguRK82MN7PfEwGok3AoG06vQXfBDkWeDvkfk/:4sIRK8X7PfEwmwIzD4x
Static task: static1

Behavioral task: behavioral1
Sample: 1ccfd551c7a5b7f1505518cf9c6025345df10c2efae174ba82405d8e98b3fa20N.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 1ccfd551c7a5b7f1505518cf9c6025345df10c2efae174ba82405d8e98b3fa20N.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 8/10
Signatures
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1): PowerShell (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (2): Credentials In Files (2)