Overview

overview

8

Static

static

CertifyThe...12.exe

windows7_x64

8

CertifyThe...12.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CertifyTheWebSetup_V5.1.12.exe

  • Size

    12.4MB

  • Sample

    201101-bhksa9waq2

  • MD5

    7e7db923e1269af3ce5247c8bac5a1aa

  • SHA1

    b1cb7bfb284080526b15051eeb4663a625265947

  • SHA256

    2c35fc20c4409bfe335b2e3ab14e635ac4cf6a9c674853717395c3ce0cb2ca1f

  • SHA512

    5ce6fe5d314f913019a6664858d26f7f4edff9e14934f66d561acdb8f13d72b95c1ac642c941419a73b0dbd0b08f89fd4575f03de50e96a66065a7265bd5062d

Score
8/10
discoverypersistence

Malware Config

Targets

    • Target

      CertifyTheWebSetup_V5.1.12.exe

    • Size

      12.4MB

    • MD5

      7e7db923e1269af3ce5247c8bac5a1aa

    • SHA1

      b1cb7bfb284080526b15051eeb4663a625265947

    • SHA256

      2c35fc20c4409bfe335b2e3ab14e635ac4cf6a9c674853717395c3ce0cb2ca1f

    • SHA512

      5ce6fe5d314f913019a6664858d26f7f4edff9e14934f66d561acdb8f13d72b95c1ac642c941419a73b0dbd0b08f89fd4575f03de50e96a66065a7265bd5062d

    Score
    8/10
    discoverypersistence

    • Executes dropped EXE

    • Sets service image path in registry

      persistence

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • JavaScript code in executable

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks