f02be373f3da7971daed34afe611241b9d2d5a0fec6ebf087228557c20e92d73 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

PowerISO8.exe

windows7-x64

8

PowerISO8.exe

windows10-2004-x64

9

Sharing

General

Target

PowerISO8.exe
Size

4.4MB
Sample

230707-vv9wvsac95
MD5

6de0b9deca77a1e3fc40e3dbaa1c5ecd
SHA1

e75d90e85cb8a20cf4e61cf7b3997248e9a9507c
SHA256

f02be373f3da7971daed34afe611241b9d2d5a0fec6ebf087228557c20e92d73
SHA512

73c91d0e6b67f361d4ed1b77a17c33f25b4965b7bedcf5537b4a5cb80a9152b6d98ac80b6d57d22ce8436c4a70eb88b7a211c0154a2639238ac9c185b5c75cb6
SSDEEP

98304:o6d2Ys647Fz6xd2jVbuZy9zz6PssMtc6XOoxzl7qBx0CV2DcthUh:o6EYs2suMKksTov+BqCVbIh

Score

9^/10

coreentity discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

PowerISO8.exe

Resource

win7-20230703-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

PowerISO8.exe

Resource

win10v2004-20230703-en

coreentity discovery persistence

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  PowerISO8.exe
- Size
  
  4.4MB
- MD5
  
  6de0b9deca77a1e3fc40e3dbaa1c5ecd
- SHA1
  
  e75d90e85cb8a20cf4e61cf7b3997248e9a9507c
- SHA256
  
  f02be373f3da7971daed34afe611241b9d2d5a0fec6ebf087228557c20e92d73
- SHA512
  
  73c91d0e6b67f361d4ed1b77a17c33f25b4965b7bedcf5537b4a5cb80a9152b6d98ac80b6d57d22ce8436c4a70eb88b7a211c0154a2639238ac9c185b5c75cb6
- SSDEEP
  
  98304:o6d2Ys647Fz6xd2jVbuZy9zz6PssMtc6XOoxzl7qBx0CV2DcthUh:o6EYs2suMKksTov+BqCVbIh
Score

9^/10

discovery coreentity persistence
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks for any installed AV software in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Security Software Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

coreentitydiscoverypersistence

© 2018-2024

Terms | Privacy