General

  • Target

    picp318001_all_package_scm.exe

  • Size

    185.9MB

  • Sample

    230113-yecg7scd36

  • MD5

    66bc971f5ee9939ef8be05bc726ddfd3

  • SHA1

    78f11a49094eedaf8cce86c37660f9d806ee2552

  • SHA256

    e1b5f6af06db8a385bf58bb59d18f6cb39535df8987e6d65dca11af539718008

  • SHA512

    e26bbe4341d62c697788fe2d4cb236291f0ee4ac2284cd43fccecf0682d18ac81b3254a697bacafe21a62a539423bb4005bf30fff2b82008a897cd8ea9e3a9da

  • SSDEEP

    3145728:uRsFJGk3PSB/L8jKtfnEiZZl2+2vPuYaaIyJtm3Sjrkm+SPnltK9Bs:uRssD8+9nnZZlKvPRbtm3SjogPX6s

Malware Config

Targets

    • Target

      picp318001_all_package_scm.exe

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks