General

  • Target

    WindowsInstallerDirPatchCleaner_1.4.2.0.exe

  • Size

    1.3MB

  • Sample

    230615-sd1whsaa71

  • MD5

    70d0bd7633d10c492839272c97b2544e

  • SHA1

    4da0e8c2fe1f06b13985d700fe15686a1015c3bb

  • SHA256

    6472de894c5cb6050fd80cdd893b8772aef71f8bdb5c65a0175cf7cbb90e6ec6

  • SHA512

    99d43ed2060eb6371a54f73af407fe4cc7644a93e5f856419ad0cb8769b2664139cb9097ff4be4b8dbb93f2c5da4fc90bc48eeac6fe0b3df5f8bc12428b5b5b2

  • SSDEEP

    24576:91OYdaPtyx5f3bpaOZpBr8Mok3CwAvCJYNsO7z7YHgEzmvDjvANu29N:91Os1gOpBrRokSwAqJY73Sz2Qv

Score
8/10

Malware Config

Targets

    • Target

      WindowsInstallerDirPatchCleaner_1.4.2.0.exe

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
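
The five behaviour signatures above are the analyst-relevant part of this report. What follows is an added example, not the sandbox's own detection code, that re-derives those signatures from a constructed stream of process, registry, file and network events. The event schema, the registry key patterns used to recognise a locale lookup, the blocklist of process images whose outbound connections are flagged, and the sample events are all assumptions; the report does not say how the sandbox implements any of them.

```python
"""Re-deriving sandbox behaviour signatures from an event stream.

Added example, not the sandbox's code. Event schema, registry patterns,
blocklist and sample events are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set


@dataclass
class Event:
    pid: int                         # process performing the operation
    op: str                          # regread | filewrite | fileopen | createproc | loadlib | connect
    target: str                      # registry value, file path, image path, or host:port
    child_pid: Optional[int] = None  # createproc only: pid of the new process


# Registry locations Windows uses for the configured region (assumed patterns).
GEO_KEY_RE = re.compile(
    r"\\control panel\\international\\geo\\(nation|name)$"
    r"|\\control\\nls\\language", re.IGNORECASE)
# A bare drive root other than the system drive, e.g. "D:\".
DRIVE_ROOT_RE = re.compile(r"^[A-BD-Z]:\\$", re.IGNORECASE)

SIGNATURES = (
    "Blocklisted process makes network request",
    "Checks computer location settings",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Enumerates connected drives",
)


def match_signatures(events: Iterable[Event], root_pid: int, root_image: str,
                     blocklist: Set[str]) -> Dict[str, List[str]]:
    """Return {signature name: [evidence, ...]} for the sample's process tree.

    Events are consumed in order, so a file only counts as 'dropped' if the
    sample (or a descendant) wrote it before executing or loading it, and
    only processes descended from root_pid are considered.
    """
    image_of: Dict[int, str] = {root_pid: root_image.lower()}
    dropped: Set[str] = set()
    hits: Dict[str, List[str]] = {name: [] for name in SIGNATURES}

    for e in events:
        if e.pid not in image_of:          # outside the sample's process tree
            continue
        t = e.target.lower()
        if e.op == "filewrite":
            dropped.add(t)
        elif e.op == "regread" and GEO_KEY_RE.search(t):
            hits["Checks computer location settings"].append(e.target)
        elif e.op == "createproc":
            if e.child_pid is not None:
                image_of[e.child_pid] = t  # child joins the tree
            if t in dropped and t.endswith(".exe"):
                hits["Executes dropped EXE"].append(e.target)
        elif e.op == "loadlib" and t in dropped and t.endswith(".dll"):
            hits["Loads dropped DLL"].append(e.target)
        elif e.op == "fileopen" and DRIVE_ROOT_RE.match(e.target):
            hits["Enumerates connected drives"].append(e.target.upper())
        elif e.op == "connect":
            image = image_of[e.pid].rsplit("\\", 1)[-1]  # basename of the image
            if image in blocklist:
                hits["Blocklisted process makes network request"].append(
                    f"{image} -> {e.target}")
    return hits


def triggered(hits: Dict[str, List[str]]) -> List[str]:
    """Names of the signatures that have at least one piece of evidence."""
    return sorted(name for name, evidence in hits.items() if evidence)


# Constructed event stream for this example (not taken from the report).
SAMPLE_EVENTS = [
    Event(100, "regread", "HKCU\\Control Panel\\International\\Geo\\Nation"),
    Event(100, "filewrite", "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"),
    Event(100, "filewrite", "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe"),
    Event(100, "loadlib", "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"),
    Event(100, "createproc", "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe", child_pid=200),
    Event(200, "fileopen", "D:\\"),
    Event(200, "fileopen", "E:\\"),
    Event(200, "fileopen", "C:\\"),             # system drive: not counted
    Event(200, "createproc", "C:\\Windows\\System32\\rundll32.exe", child_pid=300),
    Event(300, "connect", "203.0.113.5:443"),   # rundll32.exe is on the assumed blocklist
    Event(200, "connect", "203.0.113.5:443"),   # stage2.exe is not
    Event(999, "connect", "198.51.100.7:80"),   # unrelated process, ignored
]
# Assumed blocklist of image basenames whose outbound connections are flagged.
BLOCKLIST = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "powershell.exe"}


def analyse_sample() -> Dict[str, List[str]]:
    return match_signatures(SAMPLE_EVENTS, 100,
                            "C:\\Users\\user\\Desktop\\sample.exe", BLOCKLIST)


if __name__ == "__main__":
    result = analyse_sample()
    for name in triggered(result):
        print(f"{name}: {result[name]}")
```

Two design points matter here: ordering (a file is "dropped" only if the tree wrote it before loading or executing it, so a pre-existing binary on disk does not trigger the signature) and scoping (only events from the root process and its descendants count, which is why the connection from the unrelated pid 999 is ignored). The blocklist is a parameter because the report does not say which processes the sandbox treats as blocklisted.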

MITRE ATT&CK Enterprise v6

Tasks