General

  • Target

    Windows 7 IconPack By 2013Windows8.1.exe

  • Size

    15.2MB

  • Sample

    230124-vz7x3ach28

  • MD5

    d54c644994f501358b6074a0ce2f331b

  • SHA1

    863d56e70d675eab6e83909fb587ad9e802bcce2

  • SHA256

    24a7869b1b222cc2eae561421b7f0c83048ca4c157d44718102a3e674a412e99

  • SHA512

    404910ea4caad2d05d9a2292b62d46355d98fb9c9577c4fc5838c6507deb84aabde02ec6557fa36d25ce4829322ef8da315f2573268117da07490bee49f51d7a

  • SSDEEP

    393216:sCBY2ekC/ialj+VaCVeNnCrPYFjvnfIlclildwvki/rsJwN1N:p7+iat+4CkNCEF7fIlldwPrsaTN

Score
8/10

Malware Config

Targets

    • Target

      Windows 7 IconPack By 2013Windows8.1.exe

    • Executes dropped EXE

    • Possible privilege escalation attempt

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Loads dropped DLL

    • Modifies file permissions

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    T1222 File Permissions Modification (1)

    T1112 Modify Registry (1)

  • Discovery

    T1012 Query Registry (1)

    T1082 System Information Discovery (2)

Tasks