General

  • Target

    WordMUI.msi

  • Size

    1.7MB

  • Sample

    230615-qs92mahd51

  • MD5

    5921378b2bee035beb7fb146ca5dc89e

  • SHA1

    c07bb1d44ea3d7defd7ef3bf33421057c5027984

  • SHA256

    c3baba607d65c600f0bcfc4eeb9929cacfc02584ab25be8e2d4f8f8e7e463976

  • SHA512

    0755a27ed8523fccd1dd455af56f17d73bb655221fe87bef51ebe22c9186b208e19065a12617785191601d035a86f6380b7e0e401bb3470a540c8856b51d0806

  • SSDEEP

    49152:hwpajDM3DpTMGyyWfDT2/Bqs05qo4PT66:hwpoIV/WfDT2/Bqy

Score
8/10

Targets

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
