General

  • Target

    onenotemui.msi

  • Size

    2.3MB

  • Sample

    230615-ryqevahg9v

  • MD5

    6802880928647983a76c2f4d3f0f147e

  • SHA1

    8864a625e5f79d208e827117232214463de490fa

  • SHA256

    eb6271aa9dceb5c00eddc4550e728cfbb8832f971eb257934f72a99c236f3563

  • SHA512

    bf7f03d4daf860f76246142b5db92c77650936ad08da7423d28d3253afb752ce08e1a0e98e60747b89cf1b0a3908022af40e965010d4a44c926022808afe74c3

  • SSDEEP

    49152:cPjF4Z/ZvrrN/Bb9xlnGvP/MfwpqpF0GMkdXPHs4:c8r6MRp

Score
8/10

Malware Config

Targets

    Score
    8/10
    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks