9797c5b39af031703e0e9c5f8f02f0a2dc253e5f9a95598556de52a39b98403e | Triage

Submit
Reports

Overview

overview

Static

static

3

9797c5b39a...3e.exe

windows7-x64

9797c5b39a...3e.exe

windows10-2004-x64

Sharing

General

Target

9797c5b39af031703e0e9c5f8f02f0a2dc253e5f9a95598556de52a39b98403e.exe
Size

77KB
Sample

241120-28wdyswenj
MD5

5d1e9fd2c6d0cdfd4475db0543a2fd65
SHA1

02edf540a529aab62afbc44a6f660dae50a100a4
SHA256

9797c5b39af031703e0e9c5f8f02f0a2dc253e5f9a95598556de52a39b98403e
SHA512

c4556835841c8181db29d7648fee0d5e17e78fa1d660bd611f1d216975c953a95711e5717d6d30453dc99ea8f3d230a1ce2a10edadf70cda5b71bc56ad815d16
SSDEEP

1536:ekeK40T/mx7y9v7Z/Z2V/GSAFRfBhpVoKE:FD40Dmx7y9DZ/Z2hGVkKE

Score

10^/10

discovery evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9797c5b39af031703e0e9c5f8f02f0a2dc253e5f9a95598556de52a39b98403e.exe

Resource

win7-20241010-en

discovery evasion persistence

windows7-x64

15 signatures

120 seconds

Behavioral task

behavioral2

Sample

9797c5b39af031703e0e9c5f8f02f0a2dc253e5f9a95598556de52a39b98403e.exe

Resource

win10v2004-20241007-en

discovery evasion persistence

windows10-2004-x64

17 signatures

120 seconds

Malware Config

Targets

- Target
  
  9797c5b39af031703e0e9c5f8f02f0a2dc253e5f9a95598556de52a39b98403e.exe
- Size
  
  77KB
- MD5
  
  5d1e9fd2c6d0cdfd4475db0543a2fd65
- SHA1
  
  02edf540a529aab62afbc44a6f660dae50a100a4
- SHA256
  
  9797c5b39af031703e0e9c5f8f02f0a2dc253e5f9a95598556de52a39b98403e
- SHA512
  
  c4556835841c8181db29d7648fee0d5e17e78fa1d660bd611f1d216975c953a95711e5717d6d30453dc99ea8f3d230a1ce2a10edadf70cda5b71bc56ad815d16
- SSDEEP
  
  1536:ekeK40T/mx7y9v7Z/Z2V/GSAFRfBhpVoKE:FD40Dmx7y9DZ/Z2hGVkKE
Score

10^/10

discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence

© 2018-2025

Terms | Privacy