General
Target: ad2e33d75a13db405137e8d980ce3c55ec477a78c7e3ec0c3555955fcf3e9250N
Size: 420KB
Sample: 241108-aczyqatkgp
MD5: 79018ddd1a9f3701fde9a91ab965d920
SHA1: c0871efd02b17c4c07122c37d72ab4044aeec409
SHA256: ad2e33d75a13db405137e8d980ce3c55ec477a78c7e3ec0c3555955fcf3e9250
SHA512: f585f19fc61019dc47d06f06b3ecf8eb8e705749232365674e4274479f783bbae1077b888a2bb75d586d55d646b037a4c6006abb9f8f4da5441827a53e4d8bcf
SSDEEP: 6144:N5Haogyf7zTpcJZDrc+XfVO3HwVQ4sg8EAw7PDhNPOwttQmsxvZ8L:N548DqUwVQ4JNPDtSwL
Static task: static1
Behavioral task: behavioral1
Sample: ad2e33d75a13db405137e8d980ce3c55ec477a78c7e3ec0c3555955fcf3e9250N.dll
Resource: win7-20240729-en
Malware Config
Targets
Target: ad2e33d75a13db405137e8d980ce3c55ec477a78c7e3ec0c3555955fcf3e9250N (420KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Indirect Command Execution: adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops Chrome extension
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (technique: hit count)
Execution
- Command and Scripting Interpreter: 1
  - PowerShell: 1
- Scheduled Task/Job: 1
  - Scheduled Task: 1
Persistence
- Create or Modify System Process: 1
  - Windows Service: 1
- Scheduled Task/Job: 1
  - Scheduled Task: 1
Privilege Escalation
- Create or Modify System Process: 1
  - Windows Service: 1
- Scheduled Task/Job: 1
  - Scheduled Task: 1
Defense Evasion
- Impair Defenses: 2
  - Disable or Modify Tools: 2
- Indirect Command Execution: 1
- Modify Registry: 2
Credential Access
- Credentials from Password Stores: 1
  - Credentials from Web Browsers: 1
- Unsecured Credentials: 1
  - Credentials In Files: 1