General
-
Target
3a588b6fc7d66a122adc5f3c54af44e3ccbb8c838a97ef50a700503725135bbf
-
Size
5.5MB
-
Sample
241126-1vjybsyjfl
-
MD5
f76848eea998d73bdb1bb808a7526686
-
SHA1
cce025a7112536ace2f92da5e46828d268339ab7
-
SHA256
3a588b6fc7d66a122adc5f3c54af44e3ccbb8c838a97ef50a700503725135bbf
-
SHA512
9fd839734326de1dfc9fd144b1fc113be0068185687baafbebed7b7831cdcd322a149f5c3b42c2c37876aec4f510171990d293e864b0907a08b595e5fc4c4da5
-
SSDEEP
98304:q4sVoAHIDycLz+i0OAy0AZn8YMT40RWVSEOr0mxnmLsP2PUDgCEGYeXIK2hrhKH:tsVtaLCis+RYlRjEcMDP2g7aXI94
Static task
static1
Behavioral task
behavioral1
Sample
3a588b6fc7d66a122adc5f3c54af44e3ccbb8c838a97ef50a700503725135bbf.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
3a588b6fc7d66a122adc5f3c54af44e3ccbb8c838a97ef50a700503725135bbf.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
3a588b6fc7d66a122adc5f3c54af44e3ccbb8c838a97ef50a700503725135bbf
-
Size
5.5MB
-
MD5
f76848eea998d73bdb1bb808a7526686
-
SHA1
cce025a7112536ace2f92da5e46828d268339ab7
-
SHA256
3a588b6fc7d66a122adc5f3c54af44e3ccbb8c838a97ef50a700503725135bbf
-
SHA512
9fd839734326de1dfc9fd144b1fc113be0068185687baafbebed7b7831cdcd322a149f5c3b42c2c37876aec4f510171990d293e864b0907a08b595e5fc4c4da5
-
SSDEEP
98304:q4sVoAHIDycLz+i0OAy0AZn8YMT40RWVSEOr0mxnmLsP2PUDgCEGYeXIK2hrhKH:tsVtaLCis+RYlRjEcMDP2g7aXI94
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Modifies Windows Firewall
-
Possible privilege escalation attempt
-
A potential corporate email address has been identified in the URL: c@s
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
2PowerShell
2System Services
2Service Execution
2Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
3Windows Service
3Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
3Windows Service
3Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
3