ed02f151fff2b77e0c19b0b0bbb82b6e2b9c0af727256516a7d937334fbc897f | Triage

Sharing

General

Target

29112024_1330_28112024_N° OCX 0001-00012.r09
Size

753KB
Sample

241129-qr7j4sxqdz
MD5

f312ecf105cd01dad17faa7780217d43
SHA1

7668360cfc3e687b2f4c0c6c841b85d4dffa6c94
SHA256

ed02f151fff2b77e0c19b0b0bbb82b6e2b9c0af727256516a7d937334fbc897f
SHA512

8577023b2418476bb54a694515bb9fc96ccd15bf9add3e2ed81e1996b46939fc1905bf186c40aff97a17f1ad370e759ab7a6b5dcad4488639185cb1b378d5303
SSDEEP

12288:ke0ViOFF85JHGR9pSZATp8xFu2YRc5Dfhu3Ma1xfHhO+qyoja1GDIIMvwS:kVi885JHaaA1ESapucaL0+qyOaYev

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  N° OCX 0001-00012.exe
- Size
  
  861KB
- MD5
  
  27c13d7e18632c238e3c9533c923c8c5
- SHA1
  
  7dd7dc10bd9f90cdaf514913c515e4def8b5aab4
- SHA256
  
  7799d3a4d65328993adef4f4c40f90d59c84b8bc9422b12c26fdf44a6cce0e49
- SHA512
  
  b076ced98c579ecee6439b2a8839694a0c5e587353d1175415fcb257cd335f83731e78f8cbe22f1caa6fce1e4100de4e6e27977466583b02e2d4a3271a859e8e
- SSDEEP
  
  24576:g0cl1ijQTSwtIgC/bMTaG/B+p+aelhy1zGUxj:gbl8cTSSIgCkPaeliL
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution