General
-
Target
654a9a0a94a5772baffa955b15b55f79b3af5c675d8ad737c5b015b3b44ef1adN.exe
-
Size
1.6MB
-
Sample
241112-rwwh3sxpdm
-
MD5
483bc574066645dc7614408c8e443e80
-
SHA1
3609b23b50b3c81f0c19eb0fcd5ffa73991bf357
-
SHA256
654a9a0a94a5772baffa955b15b55f79b3af5c675d8ad737c5b015b3b44ef1ad
-
SHA512
13f276108ad92908ae1f4d3d9b21b89b1b141b0d6909fddcb24837abe920fe90db49eade82affe2bb5c184ff180358175341bccffb2539f752d540f89f8dc4b8
-
SSDEEP
12288:avk//qKF76/OXpqSjnTf0clY9uWC+RMpk1OC7HmrWcmbQC5onsYi2:h1zltpu0i2
Static task
static1
Behavioral task
behavioral1
Sample
654a9a0a94a5772baffa955b15b55f79b3af5c675d8ad737c5b015b3b44ef1adN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
654a9a0a94a5772baffa955b15b55f79b3af5c675d8ad737c5b015b3b44ef1adN.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
654a9a0a94a5772baffa955b15b55f79b3af5c675d8ad737c5b015b3b44ef1adN.exe
-
Size
1.6MB
-
MD5
483bc574066645dc7614408c8e443e80
-
SHA1
3609b23b50b3c81f0c19eb0fcd5ffa73991bf357
-
SHA256
654a9a0a94a5772baffa955b15b55f79b3af5c675d8ad737c5b015b3b44ef1ad
-
SHA512
13f276108ad92908ae1f4d3d9b21b89b1b141b0d6909fddcb24837abe920fe90db49eade82affe2bb5c184ff180358175341bccffb2539f752d540f89f8dc4b8
-
SSDEEP
12288:avk//qKF76/OXpqSjnTf0clY9uWC+RMpk1OC7HmrWcmbQC5onsYi2:h1zltpu0i2
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3