Overview

overview

8

Static

static

1

Win10M

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NS.zip

  • Size

    138.8MB

  • Sample

    210417-kqcerzdpcx

  • MD5

    857ad83f58440a64b81a4ae9960cd77f

  • SHA1

    9b696807331b6ec19f67501ea239d38d5e52bff3

  • SHA256

    47e117f73b1f31787edc5ea4ece3027883dd2510d15b597cbbcc5859742e20fa

  • SHA512

    5112c00901431902c1729eb875f09cfc701f1a09e4f8fdbdee3c755d57eed24d1871b0dc74080f6e88be6f2bbece2aebce7eaf5e066315b532956ac533289174

Score
8/10
discoverymacropersistencexlm

Malware Config

Targets

    • Target

      NS/nipperstudio-2.9.1-win64.exe

    • Size

      136.1MB

    • MD5

      cbf70f826ccdee520631f1d73cec854c

    • SHA1

      d4bca4aa0f8d116d1ccb5b10e5e16856630d5755

    • SHA256

      043659ccabb62e37b7ac1341c34418ea8202ab4b3b663ed4382b319ffde2abd4

    • SHA512

      51304f30b97648439f7f2f3e716d506f50abd752ba9954279a142de4e887823a57c638c09c6d49b810ae185c8df0dcff84931d9d9719a885d9046c2087f2e96e

    Score
    8/10
    discoverymacropersistencexlm

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks