d4d5d15a80019ad35455718f42d67ee828aa3a9fe7ed6433fb540d0182432c86 | Triage

Submit
Reports

Overview

overview

Static

static

3

H2 (2).exe

windows7-x64

H2 (2).exe

windows10-2004-x64

Sharing

General

Target

H2 (2).exe
Size

22KB
Sample

240629-dyscjstall
MD5

b014736055c3a7cf6af257dd7f84af7d
SHA1

d2ac0fb6482c2551a72fac685312c007e3e294d7
SHA256

d4d5d15a80019ad35455718f42d67ee828aa3a9fe7ed6433fb540d0182432c86
SHA512

c7401a8dc2c977628f145ff47c162a202709d24ed921ffd4448eb5d97adaaaf8c20244d85649a3dbc17721399b6988b35c4eb6c7b57d17f8492035a93176cb27
SSDEEP

384:Pl5PmikkxZNVUwSymwfixj1VUVIx2b4KJBy/V+wTMUufgqflVW9s:PlxkkDmp9UbdvQMSAlU9

Score

10^/10

discovery evasion exploit trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

H2 (2).exe

Resource

win7-20240220-en

discovery evasion exploit trojan

windows7-x64

14 signatures

300 seconds

Behavioral task

behavioral2

Sample

H2 (2).exe

Resource

win10v2004-20240611-en

discovery evasion exploit trojan

windows10-2004-x64

13 signatures

300 seconds

Malware Config

Targets

- Target
  
  H2 (2).exe
- Size
  
  22KB
- MD5
  
  b014736055c3a7cf6af257dd7f84af7d
- SHA1
  
  d2ac0fb6482c2551a72fac685312c007e3e294d7
- SHA256
  
  d4d5d15a80019ad35455718f42d67ee828aa3a9fe7ed6433fb540d0182432c86
- SHA512
  
  c7401a8dc2c977628f145ff47c162a202709d24ed921ffd4448eb5d97adaaaf8c20244d85649a3dbc17721399b6988b35c4eb6c7b57d17f8492035a93176cb27
- SSDEEP
  
  384:Pl5PmikkxZNVUwSymwfixj1VUVIx2b4KJBy/V+wTMUufgqflVW9s:PlxkkDmp9UbdvQMSAlU9
Score

10^/10

discovery evasion exploit trojan
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionexploittrojan

behavioral2

discoveryevasionexploittrojan

© 2018-2024

Terms | Privacy