General
- Target: 4b0f98022fefdc4da50914dd1a833af5b6d6c327ed886853a5e20c13ae13fd9f.exe
- Size: 88KB
- Sample: 241111-pknmzsyhjq
- MD5: 7e913d2f80ffcb847fd454ed5d9d6573
- SHA1: 366cb28ec09e6354992c97691eca0b6c63121660
- SHA256: 4b0f98022fefdc4da50914dd1a833af5b6d6c327ed886853a5e20c13ae13fd9f
- SHA512: 464bfeeca5ec768c7b73cd69216c26bf773cb18f2566c144d8d767cf1b6bf3626a684bff2330f214eb0616360566f606c9afb4a4f8cec2b0546ae7421a4f8541
- SSDEEP: 768:aQNIscPXcOAKrm//4SE6rdcIz0M6mc39vAqBbXml/X4B0blMTIWo90UvIC2TVGpG:aCILvs9NctvAqlWpoBjpUv72TDFP3
Static task: static1
Behavioral task: behavioral1
- Sample: 4b0f98022fefdc4da50914dd1a833af5b6d6c327ed886853a5e20c13ae13fd9f.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 4b0f98022fefdc4da50914dd1a833af5b6d6c327ed886853a5e20c13ae13fd9f.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 7/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
- Defense Evasion
  - Modify Registry (2)
  - Subvert Trust Controls (1)
    - Install Root Certificate (1)