General
- Target: HD-EnableHyperV.exe
- Size: 24KB
- Sample: 230316-fb5epsha42
- MD5: 6c782f5f5a64c0b2d9b1db4c774e416e
- SHA1: 536d5cf87af69245644efd7c06a06616eee3ff7b
- SHA256: adfd47bcff033337b525bbdb2300213dc45344cf4024b5b1cefe3500892e51df
- SHA512: 364dbd37e4c9bd81ba82f2a5e6c02379dd3b7cd5ec80f25fca0b08c2972c761ee7947e05e7c3ea0b5adc9f7f54df54c77f4406be742cd74749dfaa8ebb064759
- SSDEEP: 384:IjbMVzPjpeABHWsVI4ASSo/Dkb9lxrZNZBAIqFIYiM8TIrL+Pxh8E9VF0Ny402r:FIWJSBF8IPYiMCrPxWEGf
Static task
- static1
Behavioral task
- behavioral1: Sample HD-EnableHyperV.exe, Resource win7-20230220-es
Behavioral task
- behavioral2: Sample HD-EnableHyperV.exe, Resource win10v2004-20230221-es
Malware Config
Targets
- Target: HD-EnableHyperV.exe
- Size: 24KB
- Downloads MZ/PE file
- Modifies Installed Components in the registry
- Sets file execution options in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Sets desktop wallpaper using registry