General

  • Target

    VMware-workstation-full-16.1.1-17801498.exe

  • Size

    621.5MB

  • Sample

    230613-tm7abshd8w

  • MD5

    20742f8cba06a8466e02b144ddf4e807

  • SHA1

    172a374b1ed205961feb5b017145a27e20c22ee0

  • SHA256

    7dab7c43bdfeebb7771a828d208385ade60a86fa31c6beb2f6d93b8e74037f4b

  • SHA512

    9654b78fb9402b24796a0555acd431f67d39385f7768f2b3ac56afb6c007c2cbc2dd761ae56ecd4b48297f56840ee71495aecb4d2fd634fb3305274bf7b3fad5

  • SSDEEP

    12582912:7ALSscPdw+lizIpokXjiAk9v7vHDVJkBifmr2s1/8ocZmKDe04De0SU1:7SSscFLlispBjiAgvHD0Bifmr2s1/Bco

Targets

    • Target

      VMware-workstation-full-16.1.1-17801498.exe

    • Detect jar appended to MSI

    • Drops file in Drivers directory

    • Looks for VMWare Tools registry key

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
