45e9582dce5489528e3f7677f0100b12d2bfd24f855a5c4e9b14169a43fb59df | Triage

Resubmissions

18/03/2025, 05:47

250318-ggzxvavzbw 10

18/03/2025, 05:43

250318-gemvhayny5 8

Sharing

General

Target

見積依頼関電プラント向け_pdf.r00
Size

633KB
Sample

250318-gemvhayny5
MD5

393ce098f71d6e9b7b82c95bbf472178
SHA1

bc99c01ed629a3e3d040fec2313ec64353569e26
SHA256

45e9582dce5489528e3f7677f0100b12d2bfd24f855a5c4e9b14169a43fb59df
SHA512

490b18630c54b8007331e1c7de714892562fcd3b83990844c4672c3e1ca69565beb75bb2f87b173b108d0162dc045011c7ad26873979f9a25966c3a3e9225466
SSDEEP

12288:Fx5eza6nDZvKQ+R7O9NxVZVcSm97Mx1oep3/22IOzZrOzihafJBmT7RKxV:Fx5ezPDFKXmXVfcSmaN/227YzTfJgTFA

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  見積依頼関電プラント向け.exe
- Size
  
  677KB
- MD5
  
  4049dbcdb6def80c9b333713ed8404d3
- SHA1
  
  8be3db13aabb771dd770c2274c4d68de98df8640
- SHA256
  
  63ecd873789a7df2f765161957ec16fb9a4bc94b04e8d8521f344794522dc6f1
- SHA512
  
  aee9df14bcbf01b6356d54516d890d50bfc4256eaf99558dccc553039d32b37b6c2876042719fdde59f39989239e96d8f6d2cd40ea3fbd8be914227f76e0eadd
- SSDEEP
  
  12288:kskNPINJTGMZfUhqmRZwvW3MPN8Fy7RWxW42Akb9fvYgG0Ac+WRW:ENP8Gqshqy69PNWxl2Vb9f3vARg
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution