d3abd20b734ba49487847fa43cf9cde714c8061d757533dfcc31d85a88b262af | Triage

Submit
Reports

Overview

overview

8

Static

static

5

ADK300ER16.zip

windows10-2004-x64

8

Resubmissions

04/07/2023, 08:46

230704-kprszsbf92 8

04/07/2023, 07:19

230704-h5rf2sbe36 7

Sharing

General

Target

ADK300ER16.zip
Size

30.0MB
Sample

230704-kprszsbf92
MD5

813c1e1b3e0ed06bd19f561b08d2e9a4
SHA1

febb6b1d047a1eaa5c7b338da8ff68f7600fb910
SHA256

d3abd20b734ba49487847fa43cf9cde714c8061d757533dfcc31d85a88b262af
SHA512

bebab340670ffb15c4e4ff52560ef988d14460f166030eb8583959c0ecd122a918753ec77c338e4f58664b8f9075af07503b4700a39c2d685ca73f9bf3e1f30c
SSDEEP

786432:7yHir/2FeK9fiANqGU5bA43Q6obvykk1r:GHib2/9fexAsQ6o7y/r

Score

8^/10

discovery evasion pdf persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ADK300ER16.zip

Resource

win10v2004-20230703-en

discovery evasion persistence

windows10-2004-x64

23 signatures

1200 seconds

Malware Config

Targets

- Target
  
  ADK300ER16.zip
- Size
  
  30.0MB
- MD5
  
  813c1e1b3e0ed06bd19f561b08d2e9a4
- SHA1
  
  febb6b1d047a1eaa5c7b338da8ff68f7600fb910
- SHA256
  
  d3abd20b734ba49487847fa43cf9cde714c8061d757533dfcc31d85a88b262af
- SHA512
  
  bebab340670ffb15c4e4ff52560ef988d14460f166030eb8583959c0ecd122a918753ec77c338e4f58664b8f9075af07503b4700a39c2d685ca73f9bf3e1f30c
- SSDEEP
  
  786432:7yHir/2FeK9fiANqGU5bA43Q6obvykk1r:GHib2/9fexAsQ6o7y/r
Score

8^/10

discovery evasion persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionpersistence

© 2018-2025

Terms | Privacy