General
-
Target
source_prepared.exe
-
Size
80.6MB
-
Sample
240630-sq76cstbjj
-
MD5
5c92a72875b245378a6f4f8a9af7e2a1
-
SHA1
a9a0cae4a0bcc9817d771b1c926ffb3175ec30db
-
SHA256
cf8b0038277f80f6ccae1d3b253b2eaef42d592cf986536bd43ad4022bbabba6
-
SHA512
7a4f4fa9e07bf7568d6f5ffd327950e1d027832a3d913228e9f56bf9c4732c84be8230d50bc2c365bcea7af4730807ed40808a1ed84959c366e412ebafb9a684
-
SSDEEP
1572864:OvNBYQglX2XaSk8IpG7V+VPhqb+TnE7Ulg8iYgj+h58sMw5IlWj95qgcJX0:OvNBYxRtSkB05awb+Tfe25FSK95K0
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win11-20240419-en
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
80.6MB
-
MD5
5c92a72875b245378a6f4f8a9af7e2a1
-
SHA1
a9a0cae4a0bcc9817d771b1c926ffb3175ec30db
-
SHA256
cf8b0038277f80f6ccae1d3b253b2eaef42d592cf986536bd43ad4022bbabba6
-
SHA512
7a4f4fa9e07bf7568d6f5ffd327950e1d027832a3d913228e9f56bf9c4732c84be8230d50bc2c365bcea7af4730807ed40808a1ed84959c366e412ebafb9a684
-
SSDEEP
1572864:OvNBYQglX2XaSk8IpG7V+VPhqb+TnE7Ulg8iYgj+h58sMw5IlWj95qgcJX0:OvNBYxRtSkB05awb+Tfe25FSK95K0
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1