6320b40b4809bd711e6a50eebacce6ac51d3cbb92f84d467116f79489c668a04 | Triage

Resubmissions

20-03-2023 12:07

230320-pad1ssfd7y 10

20-03-2023 09:30

230320-lgw86scg49 10

Sharing

General

Target

WinUIUpdate.exe
Size

3.7MB
Sample

230320-lgw86scg49
MD5

b0a84e4330a9c00c57d3a3e7885f7946
SHA1

bfe5f9b94081c25827e2bc90bb39a8c701033519
SHA256

6320b40b4809bd711e6a50eebacce6ac51d3cbb92f84d467116f79489c668a04
SHA512

a2214e9f6ca3b9a1aa35e2dbe8d7439ee6958e20a2bdd520a9b29693b5d0eb930bd7d26b818aad5e032ca455eb879543598dcb72e06f69775b9877ac28e77a8f
SSDEEP

98304:xGUMWoCIILMDNCl6b54+TUyscvBDw4pn:AGosIslo46UF8

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  WinUIUpdate.exe
- Size
  
  3.7MB
- MD5
  
  b0a84e4330a9c00c57d3a3e7885f7946
- SHA1
  
  bfe5f9b94081c25827e2bc90bb39a8c701033519
- SHA256
  
  6320b40b4809bd711e6a50eebacce6ac51d3cbb92f84d467116f79489c668a04
- SHA512
  
  a2214e9f6ca3b9a1aa35e2dbe8d7439ee6958e20a2bdd520a9b29693b5d0eb930bd7d26b818aad5e032ca455eb879543598dcb72e06f69775b9877ac28e77a8f
- SSDEEP
  
  98304:xGUMWoCIILMDNCl6b54+TUyscvBDw4pn:AGosIslo46UF8
Score

10^/10

evasion
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2