cc97cd2834a545c6f4e89aea88a758f9fd880586f55d21dda5c8dd2017ed689b | Triage

Sharing

General

Target

cc97cd2834a545c6f4e89aea88a758f9fd880586f55d21dda5c8dd2017ed689b
Size

754KB
Sample

241121-p8x7bsslhy
MD5

9b8a71b09ca89696e15256d79a7b5d09
SHA1

dfaaf3c9526984ba92ce288e2e39914f4eb059aa
SHA256

cc97cd2834a545c6f4e89aea88a758f9fd880586f55d21dda5c8dd2017ed689b
SHA512

8d62077dd90f39bee4cb263604963e29967f558a49a1255153279352cb5ec3f66d0450f3f9f6dc48f530fb0f79a49e727a3d11e7d781acb8798f2b79072ba32b
SSDEEP

12288:x51Din4v33ye0Ub5CeyiN/+d33jPQVLj4/c9tKiVJj36HG2cK1APfcDOLru:xXiC3ydUkxt0acb9KHG2cbW

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  cc97cd2834a545c6f4e89aea88a758f9fd880586f55d21dda5c8dd2017ed689b
- Size
  
  754KB
- MD5
  
  9b8a71b09ca89696e15256d79a7b5d09
- SHA1
  
  dfaaf3c9526984ba92ce288e2e39914f4eb059aa
- SHA256
  
  cc97cd2834a545c6f4e89aea88a758f9fd880586f55d21dda5c8dd2017ed689b
- SHA512
  
  8d62077dd90f39bee4cb263604963e29967f558a49a1255153279352cb5ec3f66d0450f3f9f6dc48f530fb0f79a49e727a3d11e7d781acb8798f2b79072ba32b
- SSDEEP
  
  12288:x51Din4v33ye0Ub5CeyiN/+d33jPQVLj4/c9tKiVJj36HG2cK1APfcDOLru:xXiC3ydUkxt0acb9KHG2cbW
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution