General

  • Target: DriverUpdate-setup-787b5068-7237-4eb5-af86-4038ded17345.exe
  • Size: 690KB
  • Sample: 210119-ykmrlnb7px
  • MD5: 9b57d8f7ebf2e307a02430be0a1cdab1
  • SHA1: 15aa078a2e52d95702a35a9d7cff2ec352c73913
  • SHA256: 92dd3781f16d24879509cc96d5a8d3a648ba0249e7da7b1f829e0d4bc455528a
  • SHA512: 387f35d43d2c8e6c1de420e6e3a4b73dc5822901761a2ca4d6e58a0579545ef441dfe3d86dbd1bc0b088f3fa302d13d98c544d6e4491fee9e88c8c0609cecb42

Score: 10/10

Malware Config

Targets

    • Registers COM server for autorun

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • JavaScript code in executable

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic            Technique                                 Count   ID
Persistence       Registry Run Keys / Startup Folder        2       T1060
Defense Evasion   Modify Registry                           3       T1112
Defense Evasion   Install Root Certificate                  1       T1130
Discovery         Query Registry                            2       T1012
Discovery         Peripheral Device Discovery               2       T1120
Discovery         System Information Discovery              2       T1082

Tasks