62998d8ea862d6cdce7dca23006b423b5a32fdc4e85ae675010abb3c19279b25 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

AdskNLM.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

AdskNLM.exe
Size

29.1MB
Sample

230311-mb4xhaba8y
MD5

6431fc6c593c673c266662b9f57e0787
SHA1

f3b4182b410b1e996d1f7ba9aa4c881381b6deb1
SHA256

62998d8ea862d6cdce7dca23006b423b5a32fdc4e85ae675010abb3c19279b25
SHA512

e39ee0324a126c02f6f553b1a3e0eab11f0a17638f985e9cb530f3afb0f29c4a9f93293b550161e74d7f073b3788cc38ceba9d831a9349828fed1149f2962ada
SSDEEP

393216:rBb76kr6yhWXHJ2byrLTllz+BtYHSsjFw3qwnsab4ZMpSO85uH:r96kdY3J0y5lz+BtgFw3qwnFfx

Score

8^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

AdskNLM.exe

Resource

win10v2004-20230221-es

evasion persistence

windows10-2004-x64

21 signatures

1200 seconds

Malware Config

Targets

- Target
  
  AdskNLM.exe
- Size
  
  29.1MB
- MD5
  
  6431fc6c593c673c266662b9f57e0787
- SHA1
  
  f3b4182b410b1e996d1f7ba9aa4c881381b6deb1
- SHA256
  
  62998d8ea862d6cdce7dca23006b423b5a32fdc4e85ae675010abb3c19279b25
- SHA512
  
  e39ee0324a126c02f6f553b1a3e0eab11f0a17638f985e9cb530f3afb0f29c4a9f93293b550161e74d7f073b3788cc38ceba9d831a9349828fed1149f2962ada
- SSDEEP
  
  393216:rBb76kr6yhWXHJ2byrLTllz+BtYHSsjFw3qwnsab4ZMpSO85uH:r96kdY3J0y5lz+BtgFw3qwnFfx
Score

8^/10

evasion persistence
- Blocklisted process makes network request
- Creates new service(s)
  persistence
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

New Service

Privilege Escalation

New Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

© 2018-2025

Terms | Privacy