Overview

overview

8

Static

static

OfficeSetup.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OfficeSetup.exe

  • Size

    5.0MB

  • Sample

    210721-zaxcgnevb2

  • MD5

    2cd6dc080a634beb490163f76199a013

  • SHA1

    db4eb17b689ae7811c6e0b41bd73df83984682b3

  • SHA256

    e6b5c8362f7ebcad6a5efef3772bfd4802ee6c34a617bbb8d2870b082fee3423

  • SHA512

    fd94668806825515a1e90ebe8407791db4d45093e0f8bdb7d235d40f1056a729e7b6f0002fd01c842a97da4211d4b3acdfe280b59b1b4a5be68394826cfc39cf

Score
8/10
discovery

Malware Config

Targets

    • Target

      OfficeSetup.exe

    • Size

      5.0MB

    • MD5

      2cd6dc080a634beb490163f76199a013

    • SHA1

      db4eb17b689ae7811c6e0b41bd73df83984682b3

    • SHA256

      e6b5c8362f7ebcad6a5efef3772bfd4802ee6c34a617bbb8d2870b082fee3423

    • SHA512

      fd94668806825515a1e90ebe8407791db4d45093e0f8bdb7d235d40f1056a729e7b6f0002fd01c842a97da4211d4b3acdfe280b59b1b4a5be68394826cfc39cf

    Score
    8/10
    discovery

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

4
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks