General
Target: install-win64-11.5.8_en-US.exe
Size: 271.0MB
Sample: 221204-sl24jsee3x
MD5: c9bdfd2d99730f4969b16daa7b55f09c
SHA1: d7a3f9e0df14aa53336271f6a80a6a968f52305e
SHA256: 16f47df2e331c8f70920ffc50ed2c14a53b4079cb989028b0900ce7ef18bd623
SHA512: 9fcf9d5de9ce7d2e054a122c5790713e106dadf58eaa6bfe6049a25adae9966c0efde9ba1db3a61b312e000e1bb2acaaeca4f07266b921c148a2e8cf91c1ed12
SSDEEP: 196608:ziJQ0v+cIuxunU9+MJQBGqVUE8Fx0hw35EyN3PN8Cg7Hr0EE2xsJ12QX6Y:ZolunU9XJQBqEwd35Eg3PNgHjEsq
Static task: static1
Behavioral task: behavioral1
Sample: install-win64-11.5.8_en-US.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: install-win64-11.5.8_en-US.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: install-win64-11.5.8_en-US.exe
Score: 10/10
- Disables use of System Restore points
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v6)
Persistence
- Modify Existing Service (1)
- Hidden Files and Directories (2)
- Scheduled Task (1)