General
-
Target
2d84e1e52b7502a8704c99e4a3f0e48ed31904c885ab2577a2b8cbcaff1c3620
-
Size
840KB
-
Sample
241113-znhw1syfra
-
MD5
af65821d2f5fe034ca3d446323919fc2
-
SHA1
e76a08a3d02185f0f5d2c03d292e04dcfad7d523
-
SHA256
2d84e1e52b7502a8704c99e4a3f0e48ed31904c885ab2577a2b8cbcaff1c3620
-
SHA512
b6782ce22e2410c68edbf41cf5642400fa40b836577012b7ee1357980ec25256acc0f7e178e086dda9d80eca4cd9ee8aed4f9fce76fd0aa2502d5d0b44d7ae27
-
SSDEEP
24576:0p7iek6rKytyOdGzA4j4+oH7SH59Tn1jd1AT:0p7zllcOdRyM7SHr5d1
Static task
static1
Behavioral task
behavioral1
Sample
2d84e1e52b7502a8704c99e4a3f0e48ed31904c885ab2577a2b8cbcaff1c3620.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
2d84e1e52b7502a8704c99e4a3f0e48ed31904c885ab2577a2b8cbcaff1c3620
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-