Overview

overview

8

Static

static

938b2e0659...44.msi

windows7_x64

8

938b2e0659...44.msi

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    938b2e065955369403bd5ed78c063b44

  • Size

    4.3MB

  • Sample

    210624-cedwdgmhee

  • MD5

    938b2e065955369403bd5ed78c063b44

  • SHA1

    1e98ff12a5f4a390bbceae538e1177a65ad52dad

  • SHA256

    02f79fab5c5cec65fcbd8ad039537afbe7badc815d55e63d031ae527f4a7bbd5

  • SHA512

    159eccba99a0eefbaf078561527bae998202e893724205e0350f20e1c7fd09ccebcc757b433765d223bfcad650f91870e7e2b29031868112636f4061aa0afeb3

Score
8/10
discoveryexploit

Malware Config

Targets

    • Target

      938b2e065955369403bd5ed78c063b44

    • Size

      4.3MB

    • MD5

      938b2e065955369403bd5ed78c063b44

    • SHA1

      1e98ff12a5f4a390bbceae538e1177a65ad52dad

    • SHA256

      02f79fab5c5cec65fcbd8ad039537afbe7badc815d55e63d031ae527f4a7bbd5

    • SHA512

      159eccba99a0eefbaf078561527bae998202e893724205e0350f20e1c7fd09ccebcc757b433765d223bfcad650f91870e7e2b29031868112636f4061aa0afeb3

    Score
    8/10
    discoveryexploit

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Possible privilege escalation attempt

      exploit

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks