01dd2184eb71969187a3291afe9c59e93c3c9b9a97a8416e33ed7660c1a62605 | Triage

Submit
Reports

Overview

overview

Static

static

3

01dd2184eb...05.exe

windows7-x64

01dd2184eb...05.exe

windows10-2004-x64

Sharing

General

Target

01dd2184eb71969187a3291afe9c59e93c3c9b9a97a8416e33ed7660c1a62605
Size

87KB
Sample

241120-xv6kjssdkp
MD5

debe698c3b33ab7a6c2081e6545249c2
SHA1

257377217fabf3778cb267cd8a744da0b7e76b96
SHA256

01dd2184eb71969187a3291afe9c59e93c3c9b9a97a8416e33ed7660c1a62605
SHA512

dfac6ef6ed14693281319fd67d2b20479a1d081914c17caf08cc519ad04b2868c42fbeab062d1863b3df21c9da6201f6dfd051c1dc4e3a006ed4c9eb19bf0e2d
SSDEEP

1536:1a3+ddygX7y9v7Z+NoykJHBOAFRfBjG3ldoIH:08dfX7y9DZ+N7eB+IIH

Score

10^/10

discovery evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

01dd2184eb71969187a3291afe9c59e93c3c9b9a97a8416e33ed7660c1a62605.exe

Resource

win7-20240903-en

discovery evasion persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

01dd2184eb71969187a3291afe9c59e93c3c9b9a97a8416e33ed7660c1a62605.exe

Resource

win10v2004-20241007-en

discovery evasion persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  01dd2184eb71969187a3291afe9c59e93c3c9b9a97a8416e33ed7660c1a62605
- Size
  
  87KB
- MD5
  
  debe698c3b33ab7a6c2081e6545249c2
- SHA1
  
  257377217fabf3778cb267cd8a744da0b7e76b96
- SHA256
  
  01dd2184eb71969187a3291afe9c59e93c3c9b9a97a8416e33ed7660c1a62605
- SHA512
  
  dfac6ef6ed14693281319fd67d2b20479a1d081914c17caf08cc519ad04b2868c42fbeab062d1863b3df21c9da6201f6dfd051c1dc4e3a006ed4c9eb19bf0e2d
- SSDEEP
  
  1536:1a3+ddygX7y9v7Z+NoykJHBOAFRfBjG3ldoIH:08dfX7y9DZ+N7eB+IIH
Score

10^/10

discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence

© 2018-2025

Terms | Privacy