General
-
Target
68857821459396a2786bd570267b31b972138b87031f1fed65efd27d62bf0290.exe
-
Size
1.6MB
-
Sample
241120-wj9x6avngl
-
MD5
31b96300fe12098d06b064c05d7b4844
-
SHA1
40493fcfc4a5066e37ac710906a0813b24c78a02
-
SHA256
68857821459396a2786bd570267b31b972138b87031f1fed65efd27d62bf0290
-
SHA512
27ac87aad5a7bb96485b221d6be2aaed8bfa3ad9758f3609ca77ac51e0f3cfeed6648233047ff0a52aad6813ecc00c4fa8352cbff220fae0ad93be897f89ebdc
-
SSDEEP
24576:Y/WWf67etHLvLdh+dLNuK5imSFRWct3BfA59jACSr6ggTan9mTYdGvhH0WygS:Uf66tXdh+147YcXIfUCc6bG9DgS
Malware Config
Targets
-
-
Target
68857821459396a2786bd570267b31b972138b87031f1fed65efd27d62bf0290.exe
-
Size
1.6MB
-
MD5
31b96300fe12098d06b064c05d7b4844
-
SHA1
40493fcfc4a5066e37ac710906a0813b24c78a02
-
SHA256
68857821459396a2786bd570267b31b972138b87031f1fed65efd27d62bf0290
-
SHA512
27ac87aad5a7bb96485b221d6be2aaed8bfa3ad9758f3609ca77ac51e0f3cfeed6648233047ff0a52aad6813ecc00c4fa8352cbff220fae0ad93be897f89ebdc
-
SSDEEP
24576:Y/WWf67etHLvLdh+dLNuK5imSFRWct3BfA59jACSr6ggTan9mTYdGvhH0WygS:Uf66tXdh+147YcXIfUCc6bG9DgS
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates processes with tasklist
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1