General
  Target:  e4b8a4401c45b62909eb4018b6e52e4bcdc552378601955f3793063490714206
  Size:    43.6MB
  Sample:  220923-p2x8ragfh5
  MD5:     b04dbe5e234be427bfa1737253e026bf
  SHA1:    4cb8d55d708b8443cccefc10d3e9258b703c9b05
  SHA256:  e4b8a4401c45b62909eb4018b6e52e4bcdc552378601955f3793063490714206
  SHA512:  28d96de17f1499547b2cf2c6a38d88f3efa6ac06f3f2888f7725f821f2796f0e094cd1ec148fefa6d2a69daecc3ff0c362465282378a6e31ad2f672ede73b898
  SSDEEP:  786432:LDX8AIgUz8sQFQ16DX8AIgUz8sQFQ16DX8AIgUz8sQFQ1I:Lw/g7FQ16w/g7FQ16w/g7FQ1I
Static task
  static1
Behavioral task
  behavioral1
    Sample:   license_8_4_5_53151.exe
    Resource: win7-20220901-en
Behavioral task
  behavioral2
    Sample:   license_8_4_5_53151.exe
    Resource: win10v2004-20220812-en
Malware Config
Targets
  Target:  license_8_4_5_53151.exe
  Size:    43.6MB
  MD5:     a9b10735bdab1df5db8e6b0478720d65
  SHA1:    29f36bd8e4d4cac6e8ca4b6bf0a1f1fd9b616345
  SHA256:  40116c48e728a6253a7ea5946a74f196a2639a7be368d0d2c4904b76e1e784b5
  SHA512:  9e0aa0307d3bc83b4051a7fda3bd11948feda7e4ff492f15edca611e7bc75b720e81c9a785583dfce53595fb24c3d54207884f9cc975fcb934ade964ecf126e8
  SSDEEP:  786432:kDX8AIgUz8sQFQ16DX8AIgUz8sQFQ16DX8AIgUz8sQFQ1j:kw/g7FQ16w/g7FQ16w/g7FQ1j
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Disables use of System Restore points
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Possible privilege escalation attempt
  - Registers COM server for autorun
  - Checks computer location settings
      Looks up the country code configured in the registry, likely as a geofence check.
  - Drops startup file
  - Loads dropped DLL
  - Modifies file permissions
  - Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.
  - Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v6)
Persistence
  Modify Existing Service (1)
  Registry Run Keys / Startup Folder (1)
  Hidden Files and Directories (2)
  Scheduled Task (1)
Defense Evasion
  Modify Registry (4)
  Disabling Security Tools (4)
  Bypass User Account Control (1)
  File Deletion (2)
  Hidden Files and Directories (2)
  File Permissions Modification (1)