6b4717f41ef3c043d590f829db20f19cadf1f3ddc5a207c146ab0ec50053253b | Triage

Submit
Reports

Overview

overview

Static

static

1

DAEMONTool...53.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

DAEMONToolsUltra610-1753.exe
Size

26.8MB
Sample

230213-2lta3sgb9s
MD5

d0900f131dd4c6bb829f9d4ba74cf249
SHA1

750073855e3d20852681469286270a4bb93fd43a
SHA256

6b4717f41ef3c043d590f829db20f19cadf1f3ddc5a207c146ab0ec50053253b
SHA512

f9e081a4593a9816d81736f621e6abd2991107f7600c7fa3013d9e16a45b80a642110f4b69f756b6f08eb2daa10c128450334dc701a8371b7ca8ad5293b29001
SSDEEP

786432:zRvxxkENSNBkUs633n/i5LR7IMvcYE0nbOVzay6:hkENSQmHnKZTv1E0naVze

Score

10^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

DAEMONToolsUltra610-1753.exe

Resource

win10v2004-20221111-en

discovery persistence

windows10-2004-x64

21 signatures

120 seconds

Malware Config

Targets

- Target
  
  DAEMONToolsUltra610-1753.exe
- Size
  
  26.8MB
- MD5
  
  d0900f131dd4c6bb829f9d4ba74cf249
- SHA1
  
  750073855e3d20852681469286270a4bb93fd43a
- SHA256
  
  6b4717f41ef3c043d590f829db20f19cadf1f3ddc5a207c146ab0ec50053253b
- SHA512
  
  f9e081a4593a9816d81736f621e6abd2991107f7600c7fa3013d9e16a45b80a642110f4b69f756b6f08eb2daa10c128450334dc701a8371b7ca8ad5293b29001
- SSDEEP
  
  786432:zRvxxkENSNBkUs633n/i5LR7IMvcYE0nbOVzay6:hkENSQmHnKZTv1E0naVze
Score

10^/10

discovery persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2025

Terms | Privacy