General
-
Target
H2.exe
-
Size
22KB
-
Sample
240629-wvvbvasfmh
-
MD5
669902e0baf0307086c9d347c66152a8
-
SHA1
96a5cc7d488c2273ae58a3ef22bc468d61684132
-
SHA256
900bac2dc0f9eb0691dbbed3dfa5ec6294cfe164dc371763efa0ff20681b1fea
-
SHA512
06f6538048379ce7c861671592b6d04989c4b3400b4875cc50b889404a731e3602aa64a78be654a1b151ae3e39419d21f6877b8eb6c6dfc214a653ef276d227f
-
SSDEEP
384:Ql5PmFkkRZNVbwpumK3pms4eZXsKjX5msMU80UVIx2bOKJSyol+wTMUufNpJDlVX:QlekkLmKPXsK06UbTQVM/nlQ9
Static task
static1
Behavioral task
behavioral1
Sample
H2.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
H2.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
H2.exe
-
Size
22KB
-
MD5
669902e0baf0307086c9d347c66152a8
-
SHA1
96a5cc7d488c2273ae58a3ef22bc468d61684132
-
SHA256
900bac2dc0f9eb0691dbbed3dfa5ec6294cfe164dc371763efa0ff20681b1fea
-
SHA512
06f6538048379ce7c861671592b6d04989c4b3400b4875cc50b889404a731e3602aa64a78be654a1b151ae3e39419d21f6877b8eb6c6dfc214a653ef276d227f
-
SSDEEP
384:Ql5PmFkkRZNVbwpumK3pms4eZXsKjX5msMU80UVIx2bOKJSyol+wTMUufNpJDlVX:QlekkLmKPXsK06UbTQVM/nlQ9
Score10/10-
Disables RegEdit via registry modification
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Modifies file permissions
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1