9dcc01612a83a0622a72f47a70983d3a9cd5a5faab1b099d56ee17d6a39265bf | Triage

Submit
Reports

Overview

overview

Static

static

3

9dcc01612a...fN.exe

windows7-x64

9dcc01612a...fN.exe

windows10-2004-x64

Sharing

General

Target

9dcc01612a83a0622a72f47a70983d3a9cd5a5faab1b099d56ee17d6a39265bfN.exe
Size

45KB
Sample

241120-dpbcnszfpp
MD5

32b8d27e04dcdc6758fb2e5eb0abee60
SHA1

4939a642a0457a0f62356216a4d0348f01eef25c
SHA256

9dcc01612a83a0622a72f47a70983d3a9cd5a5faab1b099d56ee17d6a39265bf
SHA512

1fe56c6ff7afc361693d57ef631266c6e398fd7e5691f4fb84cdc0166dfbf6e4ac2721056d59e05d64dbf364e160006b0d53e9aee36acea996b8db7b629adcb7
SSDEEP

768:5qt/WXwCXV/aNOFi5XOCmg9TgEqxZihrWS9ybsvw+I9D88888888888JX9:5UWXaMU5Xvp3FrbCEn9

Score

10^/10

discovery evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9dcc01612a83a0622a72f47a70983d3a9cd5a5faab1b099d56ee17d6a39265bfN.exe

Resource

win7-20240903-en

discovery evasion persistence

windows7-x64

16 signatures

120 seconds

Behavioral task

behavioral2

Sample

9dcc01612a83a0622a72f47a70983d3a9cd5a5faab1b099d56ee17d6a39265bfN.exe

Resource

win10v2004-20241007-en

discovery evasion persistence

windows10-2004-x64

17 signatures

120 seconds

Malware Config

Targets

- Target
  
  9dcc01612a83a0622a72f47a70983d3a9cd5a5faab1b099d56ee17d6a39265bfN.exe
- Size
  
  45KB
- MD5
  
  32b8d27e04dcdc6758fb2e5eb0abee60
- SHA1
  
  4939a642a0457a0f62356216a4d0348f01eef25c
- SHA256
  
  9dcc01612a83a0622a72f47a70983d3a9cd5a5faab1b099d56ee17d6a39265bf
- SHA512
  
  1fe56c6ff7afc361693d57ef631266c6e398fd7e5691f4fb84cdc0166dfbf6e4ac2721056d59e05d64dbf364e160006b0d53e9aee36acea996b8db7b629adcb7
- SSDEEP
  
  768:5qt/WXwCXV/aNOFi5XOCmg9TgEqxZihrWS9ybsvw+I9D88888888888JX9:5UWXaMU5Xvp3FrbCEn9
Score

10^/10

discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence

© 2018-2025

Terms | Privacy