General
Target: Creative_Cloud_Set-Up.exe
Size: 2.7MB
Sample: 220923-w697fabaep
MD5: cc640e9a055c39f202585454f01b5681
SHA1: a5907eae9b9f44b52d5a291c05528a5a1756861e
SHA256: fb4ba3cc47ebcc2548defdad3b438a33df67a8b7cfb4359046eaf4b38e4759d9
SHA512: bdb83df5a785d08a3fa4833aab68a6d2a8a8ec085f7a29ddd5b47e1b2788e3615a4dcb92fd05cde5fb2096accd83b1ffb8d2f6b0165b790cf066dbbce503659b
SSDEEP: 49152:SuL2dxTVqDaEV6cdYcK5dD56F3O8BWoyjKDFSi/RCYUysy9:SuUxoOe3K/AY89dAiJEyZ9
Malware Config
Targets
Target: Creative_Cloud_Set-Up.exe
Size: 2.7MB
MD5: cc640e9a055c39f202585454f01b5681
SHA1: a5907eae9b9f44b52d5a291c05528a5a1756861e
SHA256: fb4ba3cc47ebcc2548defdad3b438a33df67a8b7cfb4359046eaf4b38e4759d9
SHA512: bdb83df5a785d08a3fa4833aab68a6d2a8a8ec085f7a29ddd5b47e1b2788e3615a4dcb92fd05cde5fb2096accd83b1ffb8d2f6b0165b790cf066dbbce503659b
SSDEEP: 49152:SuL2dxTVqDaEV6cdYcK5dD56F3O8BWoyjKDFSi/RCYUysy9:SuUxoOe3K/AY89dAiJEyZ9

Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess
  A process was created with an explicitly chosen parent other than the caller (the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute). Parent PID spoofing hides the true lineage in process trees and defeats detections keyed on the real parent.
- Downloads MZ/PE file
  A network response carried a Windows executable (MZ header).
- Drops file in Drivers directory
  Writes into %SystemRoot%\System32\drivers, the standard location for kernel drivers.
- Executes dropped EXE
  Launches an executable the sample itself wrote to disk.
- Modifies Installed Components in the registry
  Writes under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components. The StubPath command of each entry runs once per user at logon, so this is a persistence mechanism.
- Registers COM server for autorun
  Writes an InprocServer32 or LocalServer32 value under a CLSID key so the referenced DLL or EXE is loaded whenever that COM class is instantiated (COM hijacking).
- Sets service image path in registry
  Writes an ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<name>, pointing a service or driver entry at a binary so the Service Control Manager starts it.
- Checks BIOS information in registry
  Reads HKLM\HARDWARE\DESCRIPTION\System\BIOS. BIOS information is often read in order to detect sandboxing environments, since vendor and version strings identify common hypervisors.
- Checks computer location settings
  Looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), likely a geofence.
- Loads dropped DLL
  Loads a DLL the sample itself wrote to disk.
- Modifies file permissions
  Changes the ACL on a file or directory, commonly to protect dropped files from removal or to gain write access to a protected location.
- Adds Run key to start application
  Writes under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) so the referenced program starts at every logon.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (Software\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system, for example security products.
- Drops desktop.ini file(s)
  Writes desktop.ini, which Explorer reads for folder appearance; it is also used to disguise or hide dropped directories.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
  Writes into %SystemRoot%\System32.
- Suspicious use of SetThreadContext
  Rewrites another thread's register state, the step in process hollowing and thread hijacking that redirects execution into injected code.
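As an added example (not part of this sandbox report), the following Python flags Sysmon-style registry value writes that match the persistence signatures listed above: Run key, COM server registration under a CLSID, service ImagePath, and Active Setup Installed Components. It also rates a hit higher when the referenced binary lives in a user-writable location. The event records, file paths, GUID and service names are constructed for illustration and are not taken from the sample; only the Sysmon Event ID 13 field names (Image, TargetObject, Details) are real.

```python
"""Flag Sysmon-style registry writes matching the persistence signatures in
the report above. Example code added for this page, not part of the report."""
import re
from dataclasses import dataclass

# Constructed records in the shape of Sysmon Event ID 13 (RegistryEvent,
# value set). Paths, GUID and service names are invented for illustration.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\user\Desktop\Creative_Cloud_Set-Up.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\Updater\upd.exe"},
    {"Image": r"C:\Users\user\AppData\Roaming\Updater\upd.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\CLSID\{8A3B9F6C-1D2E-4F50-A6B7-C8D9E0F1A2B3}\InprocServer32\(Default)",
     "Details": r"C:\Users\user\AppData\Roaming\Updater\helper.dll"},
    {"Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\UpdSvc\ImagePath",
     "Details": r"\SystemRoot\System32\drivers\updsvc.sys"},
    {"Image": r"C:\Users\user\AppData\Roaming\Updater\upd.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A3B9F6C-1D2E-4F50-A6B7-C8D9E0F1A2B3}\StubPath",
     "Details": r"C:\Users\user\AppData\Roaming\Updater\upd.exe /setup"},
    # Benign noise: a service Start value, not ImagePath, must not be flagged.
    {"Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\Dhcp\Start",
     "Details": "DWORD (0x00000002)"},
]

GUID = r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# (rule name, pattern over TargetObject). Case-insensitive because registry
# paths are case-insensitive and Sysmon preserves the caller's casing.
RULES = [
    ("run_key", re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)),
    ("com_server", re.compile(r"\\CLSID\\" + GUID + r"\\(InprocServer32|LocalServer32)\\", re.I)),
    ("service_imagepath", re.compile(r"\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)),
    ("active_setup", re.compile(r"\\Active Setup\\Installed Components\\" + GUID + r"\\StubPath$", re.I)),
]

# Locations an unprivileged user can write to; a persistence entry pointing
# here is far more suspicious than one pointing into Program Files or System32.
USER_WRITABLE = re.compile(
    r"(^[A-Za-z]:\\Users\\|\\AppData\\|\\Temp\\|\\ProgramData\\|^%(APPDATA|TEMP|LOCALAPPDATA)%)", re.I)


def referenced_binary(details: str) -> str:
    """Extract the executable path from a registry value that may carry
    surrounding quotes and command-line switches."""
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return d[1:end] if end > 0 else d[1:]
    # Unquoted: cut at the first whitespace that precedes a / or - switch,
    # so unquoted paths containing spaces survive intact.
    return re.split(r"\s+(?=[/-])", d, maxsplit=1)[0]


@dataclass
class Finding:
    rule: str
    image: str
    target: str
    binary: str
    user_writable: bool


def scan(events) -> list:
    """Return one Finding per event whose TargetObject matches a rule."""
    findings = []
    for ev in events:
        for name, pattern in RULES:
            if pattern.search(ev["TargetObject"]):
                binary = referenced_binary(ev["Details"])
                findings.append(Finding(name, ev["Image"], ev["TargetObject"],
                                        binary, bool(USER_WRITABLE.search(binary))))
                break
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        sev = "HIGH" if f.user_writable else "MEDIUM"
        print(f"[{sev}] {f.rule}: {f.image} -> {f.target} = {f.binary}")
```

Registry reads (the BIOS and Geo\Nation lookups) are not covered because Sysmon logs value writes, not reads; catching those requires an API-monitoring or ETW registry provider. The driver ImagePath hit is rated MEDIUM only because the binary sits under System32; on a real host the next step is to check that file's signature and hash.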