General

  • Target

    productmanualsguide.ad89e6240e9a44989b04b561ca5d55ae.exe

  • Size

    374KB

  • Sample

    201201-vxw4prcvsa

  • MD5

    43a864f4a0b4723600be5aa8eda46937

  • SHA1

    cb62a60a015f913a27dd59ff465a31341d27a5bd

  • SHA256

    30b040107c6934062082db4dd5e5988e6737f45dd00725065cbfb88b849ec05f

  • SHA512

    d20ee3a96788d5d5250ba9c818ad9495630cd119cf055c0f2b2f12074b0c64fe2ee80be2cb02c6dad390404d28bd9ff8aa8e1558dc685621efaf3cf16eb4119c

Score
10/10

Targets

    • Target

      productmanualsguide.ad89e6240e9a44989b04b561ca5d55ae.exe

    • Registers COM server for autorun

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • JavaScript code in executable
