General
- Target: Suspxct.exe
- Size: 3.8MB
- Sample: 241111-tms3ps1fqd
- MD5: bb9e693d2df3edaeceb9d8b6cb2fa1df
- SHA1: 0a66c6bca9c11cd5375e7c54897ffc36baab5c27
- SHA256: 201f5728c8000bfa84fea795c6acbba4d216bb2d75d8e239b10f19efc50b8b90
- SHA512: a7ab242494e1ccb857656870cc2c44911f2f679b14ad3cccbae4d402f0253c0472ffd9b9c2172aa87d8368c6257563042ca9142002e5bc42d8b58e74f7feba79
- SSDEEP: 98304:sQWQ43Ym5daZdjObRfkqXf0F9+KH4kpc+DX/0H:sQWQ43YmOZdukSIEKYOD
Static task: static1
Behavioral task: behavioral1
- Sample: Suspxct.exe
- Resource: win10ltsc2021-20241023-en
Malware Config
Targets
- Target: Suspxct.exe (3.8MB; the MD5, SHA1, SHA256, SHA512 and SSDEEP values are the same as listed under General)
- Modifies visibility of file extensions in Explorer
- Disables taskbar notifications via registry modification
- Downloads MZ/PE file
- Possible privilege escalation attempt
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Modifies file permissions
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
- Hijack Execution Flow: Executable Installer File Permissions Weakness
  Possibly turns off User Account Control's privilege elevation for standard users.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hijack Execution Flow (1)
  - Executable Installer File Permissions Weakness (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- File and Directory Permissions Modification (2)
  - Windows File and Directory Permissions Modification (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Hijack Execution Flow (1)
  - Executable Installer File Permissions Weakness (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Indicator Removal (1)
  - File Deletion (1)
- Modify Registry (4)