General
Target: DriverPack-17-Online_569590981.1586169787.exe
Size: 6.4MB
Sample: 220517-axy7xsfhek
MD5: f9d8113ccfaa00f5fb6d1c8d88613d16
SHA1: 9cad0f98446f3cbe749084360b4e83104f93e9f8
SHA256: d7eb9189ebf572a0b196fbb798ec038ce364a562c14d77ecc523451bee81ebba
SHA512: d20969f552be9ff7455fe1cabc059f1818f9284c052aa0d9154384ada12ae3b01260ddbf3cec4274cf87c5bd50c594b5dce4fa915c4f5d38926414dae8efb8b9
Static task: static1
Behavioral task: behavioral1
Sample: DriverPack-17-Online_569590981.1586169787.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: DriverPack-17-Online_569590981.1586169787.exe
Size: 6.4MB
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest)
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.