435506cbe66bebdfdf9a2a94b1e8f483fdf108ab308129a6eb8dfd56a8bc77bc | Triage

Submit
Reports

Overview

overview

8

Static

static

1

windows.10...up.exe

windows7-x64

8

windows.10...up.exe

windows10-2004-x64

8

Sharing

General

Target

windows.10.codec.pack.v2.2.0.setup.exe
Size

45.5MB
Sample

221222-x8wx9sac6y
MD5

908ea32c938f24669728a7c026a6552b
SHA1

2695b6cd468636b09c1495a86a69ce4f56203a0c
SHA256

435506cbe66bebdfdf9a2a94b1e8f483fdf108ab308129a6eb8dfd56a8bc77bc
SHA512

342281df3e8823dbca8231335c17d76fbc4d0ba35a97c2d777d11c9ca33b86e689ef54c86aebbbec50a6f499b7232c4d56406f0471cce666a74203bfe95e710e
SSDEEP

786432:Zbe52lsoZacQr5el64WTdDUCpGnSlyXMs8AdIqCmF3kdPEcOKbBhscBpw4yTie6d:ZbpHZac09DtpI7XMvmIqoPppw4yees

Score

8^/10

discovery persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

windows.10.codec.pack.v2.2.0.setup.exe

Resource

win7-20220812-en

discovery persistence

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

windows.10.codec.pack.v2.2.0.setup.exe

Resource

win10v2004-20220812-en

discovery persistence spyware stealer

windows10-2004-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  windows.10.codec.pack.v2.2.0.setup.exe
- Size
  
  45.5MB
- MD5
  
  908ea32c938f24669728a7c026a6552b
- SHA1
  
  2695b6cd468636b09c1495a86a69ce4f56203a0c
- SHA256
  
  435506cbe66bebdfdf9a2a94b1e8f483fdf108ab308129a6eb8dfd56a8bc77bc
- SHA512
  
  342281df3e8823dbca8231335c17d76fbc4d0ba35a97c2d777d11c9ca33b86e689ef54c86aebbbec50a6f499b7232c4d56406f0471cce666a74203bfe95e710e
- SSDEEP
  
  786432:Zbe52lsoZacQr5el64WTdDUCpGnSlyXMs8AdIqCmF3kdPEcOKbBhscBpw4yTie6d:ZbpHZac09DtpI7XMvmIqoPppw4yees
Score

8^/10

discovery persistence spyware stealer
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

New Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy