Overview
General
- Target: d.zip
- Size: 269.0MB
- Sample: 221103-vf8egscfd3
- MD5: ac78f663f9992583ed737374e3da88f5
- SHA1: d0b19dda3b8f5a00706bc2ed28e6f504864c71f1
- SHA256: aacaf8cdd33492631621ef0d6d741dacb65fecfdb1e18da648c2474f76a4a427
- SHA512: 85c213580a837bef4ce4af53fd346f8c170d51afbb281f3dacccafe2b90dedec648ad729c3e2468b6252547f3a7d4cba5213a622450571fbbcf649d9b26802ff
- SSDEEP: 6291456:KxvLm9vw9cisebM+6ETL22K4ROmmPLkbIFfm/4xXIY+MLlPwwR:k+oQ6L6I5K3RLopxY+EwwR
Behavioral tasks
- behavioral1: Sample 7z2201-x64.exe, Resource win10v2004-20220812-de
- behavioral2: Sample Firefox Setup 106.0.4.exe, Resource win10v2004-20220812-de
- behavioral3: Sample SumatraPDF-3.4.6-64-install.exe, Resource win10v2004-20220812-de
- behavioral4: Sample TB_Free_Installer_20221103.100000.exe, Resource win10v2004-20220812-de
- behavioral5: Sample XnViewMP-win-x64.exe, Resource win10v2004-20220812-de
- behavioral6: Sample avast_one_free_antivirus.exe, Resource win10v2004-20220812-de
- behavioral7: Sample torbrowser-install-win64-11.5.6_en-US.exe, Resource win10v2004-20220812-de
- behavioral8: Sample vlc-3.0.17.4-win32.exe, Resource win10v2004-20220812-de
Malware Config
- Extracted: C:\Program Files\7-Zip\History.txt

Targets
Target: 7z2201-x64.exe
- Size: 1.5MB
- MD5: a6a0f7c173094f8dafef996157751ecf
- SHA1: c0dcae7c4c80be25661d22400466b4ea074fc580
- SHA256: b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
- SHA512: 965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94
- SSDEEP: 24576:mGIyixBMj+/A2d+UKnvT+LwZWj7iDDVVYrz0rbzGTw3DoA/sk6smE:mGbj+/BpKnvyIxVV/XDoAfmE
- Score: 10/10
Signatures:
- Registers COM server for autorun
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: Firefox Setup 106.0.4.exe
- Size: 54.7MB
- MD5: 9cf649373bf12504df4011ccc2106973
- SHA1: 5eb94e8a87bc2c02138624807432cd005ee3ceae
- SHA256: ac0f8f9a5947a02b0bb9be51c9037cfd744f431c94a4a00e27259f5e65859d17
- SHA512: 76d5fa71834962517970873107f98724711bbcb7f73eb413baea573b2cfc07b0e44a5759b61176c56ad5592e7821eceb89be1aac6390cca029a305ab18b1ef9d
- SSDEEP: 1572864:UmiZX058n5hv9lXPBFJpueNT8ob/a0ScP4PjJJl/3oj:v8nzXvPZNDb/MHPjJ7O
Signatures:
- Executes dropped EXE
- Registers COM server for autorun
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: SumatraPDF-3.4.6-64-install.exe
- Size: 7.1MB
- MD5: 5825a6110accced8f5580207c94e2805
- SHA1: ec3e46a43e95e4d1f3380f3022ebcbbef49d27af
- SHA256: aa79391c7db478fbb969875da39ce09e3e8124b869acc3178f5b6a3b4e10d5ce
- SHA512: 0b5cef31e7e29337f45502977b0c3293c0041133c353962bf6836ec314ddd474701834d270fa891b1dc2fbecdeab4cde2fa9483f264dc166a86a8ee0d654472e
- SSDEEP: 196608:gGWpkdKiynKtTuSyM1MeRk9BqHtLKpfX/TL1LKo+7SH94WSv8:6SDXtTrTRk9ButLKpP//1LKo+7SKvv8
- Score: 8/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: TB_Free_Installer_20221103.100000.exe
- Size: 1.3MB
- MD5: d76c47211551f7c1f1427b4bad8e6aa9
- SHA1: 507c01d8cb2a3f71079b4b5110b533f9f6285ac7
- SHA256: e680301ef8cbba2694f9826dd6cb4b7363e41040f2bd0af6014369f76751b32b
- SHA512: 04505ce953e9403a7c79699d3427e57d6237e2875920eb325cfa6bdf6264a095fc3ae7c38aed85bae803b19582e1ed43c0c8425055d543c81c077b5e5ae399b3
- SSDEEP: 24576:ZOr6qSJAHsD7KkT4kAC1PhCa9KRMdJYIHnsCmgFhKuYdKU6M6+q:m/u1A2ZCLMdJYnCTn8dYME
- Score: 8/10
Signatures:
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Registers COM server for autorun
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory

Target: XnViewMP-win-x64.exe
- Size: 67.1MB
- MD5: d4b3a362d7cc155027e24bd613147de5
- SHA1: 496fcd1b9384301cb182b308af741ea950cd0b7d
- SHA256: 2c272ab3bff4e10f12e2a1644be5526ebf98817f76762f5305eb8400edb25c3b
- SHA512: 0ea612d43097eeb3c01947c5c9532318e95448adbb9e78a8a87165a05a284ebccb4ce3742897e4adb8139839c177e6dcb76662dd3a18d31603b5bfbb6811b978
- SSDEEP: 1572864:ywAYNNlYmWK8FFHBbXcOaGh/P0Khw4JPIe1:PNdCbMM/PhhUe1
- Score: 8/10
Signatures:
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: avast_one_free_antivirus.exe
- Size: 262KB
- MD5: 5703ae1bd5c915b80632aae4b7e580ce
- SHA1: 15f42d74c1796cfa214c325d6a8c88222ad18f20
- SHA256: 9ee8d5cb8cfb6c6d7741f00c4e4655b97cf1ed0ae4e40135c086df05be964ac3
- SHA512: b9ee07915ead7f02f758d9ea79322c1aa20d799e762c719dacc4636299df67137da04e1acafdfef3d3598f83ddfed3d21f9e17f7e1faa39c3516ead973edcb76
- SSDEEP: 3072:03FKK+qOLpWZOpHwOnxjhI1a29nMGkvmUCDzTObdPnF5od1Jc+mTSC/REMz5hM+y:09+qOLoaXjhenMGmmUEebVF+uofQy6tC
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Registers COM server for autorun
- Sets service image path in registry
- Uses Session Manager for persistence: Creates Session Manager registry key to run executable early in system boot.
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory

Target: torbrowser-install-win64-11.5.6_en-US.exe
- Size: 99.0MB
- MD5: 2fc886b117ebc7795642fa2198c60e49
- SHA1: b61ba9359ff8a958896363e7dfcf787ce40ce263
- SHA256: 54eec6f9d33e89c00dbf5364a379c859690335969e5c7d22746190ce665c30bd
- SHA512: 8f03b6f5905e37aca027dd791d9eecbc0faeb9f393b770397e3652b180b7f77832c94e9eb26069b92ce21a676069778447daffa48144b3694bc77f5e38099282
- SSDEEP: 3145728:vUg9s/w7SNDNaO4lkp5ll1gTQshIZfjnNkxXKDcHrmzI9wkyc2b:MgUZ4O0M5lMEsMbAgcHr0RkBA
Signatures:
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL

Target: vlc-3.0.17.4-win32.exe
- Size: 40.1MB
- MD5: 02eb5ad800c09cb60aba81513b8d6de1
- SHA1: 48c23abfa29f974f04e0ff50b3b3e049e9570480
- SHA256: 514b0bf5ac82e7132ecac31da64c38fc85cd0ff76e2dcbcf904b6e2028c6749f
- SHA512: a84d93e6c315c9f045f7b90ee54298040e2e2654011f072cd31c9049a18aa58437e926659ce21e057d88a0fe32ad239232f027dc3f2c71e9b71e3ae16c2ae508
- SSDEEP: 786432:EheFaiMu9ndkYHhZY5vTFOzhy9UJKISjJI/HMuQRELOw3jIR/pN8OAVKibCzNkF5:EheFdMknddhK56hy9wKp4WKLFW/rHibN
- Score: 8/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.