88ee2847f7a0a7ab1f7001f67f8e5367b4003a0e4d62fd53359f93639fac4d34 | Triage

Sharing

General

Target

88ee2847f7a0a7ab1f7001f67f8e5367b4003a0e4d62fd53359f93639fac4d34
Size

746KB
Sample

241120-eg53ravnhp
MD5

c1492ef6b883174a8f1d65919a15211a
SHA1

f237eb01b06ca2d1cd44ba1c402f49a4c485f301
SHA256

88ee2847f7a0a7ab1f7001f67f8e5367b4003a0e4d62fd53359f93639fac4d34
SHA512

b884cc0f897339f149ca10d926cc1d9d1d58b71d45aca014df683d85a37f6a84f53795b3186ddeffa7177d41499a76ffb143d11db945fbc37f7cdaab9754a725
SSDEEP

12288:o/WAgGhFC1Byl7dFyE/1JPvglFn3o1HAN7QOYEyaJ6IQeNsjIOXUR4H5w:oeAJnDyEbPYl53o1gqOYEyawIQasjlbK

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  REVISED SPAT24SM007-Q01_INQUIRY.exe
- Size
  
  778KB
- MD5
  
  e1e032aa58ed92552518651f55a4ccdc
- SHA1
  
  5bc92573e456b9d98c90bda6ce00fb85d17b5f06
- SHA256
  
  819453cf1ae051083e60fc82a6125798ab8f94385d65bb2c1920cb7579df6772
- SHA512
  
  dd23fd8101658adec5476851178aa53fec2ec9aaa0c31f07447c994b1258d152cbc455c45bfbf4a697a663e2524da1aa216c20b1f1d2c4144557c4e4effe9e40
- SSDEEP
  
  24576:KQ3Ag1Scj0glx3oLsq4Ymiacm4G2YaVlR:KQQyxggvbqbmoopaVlR
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution