1c7d1f5635d70f870fa2686743e759c8446c5e46fa2ea1250494f505845baa1d

Sharing

Copy URL

Twitter E-mail

General

Target

OInstall.exe
Size

14.6MB
Sample

230708-lcehkadf44
MD5

4c746e46fb3ced72a49290baf9f115f4
SHA1

3cbb5c1380496b121289ea6e14d5007d71e7e3e7
SHA256

1c7d1f5635d70f870fa2686743e759c8446c5e46fa2ea1250494f505845baa1d
SHA512

0482cb95c79179a9665ead17bdb1111badb02ee9d7524ebbfa810008fe7661da7cee553be97f0034b7fb4e9f66ecdd3568cbed873b67914545440635fe608080
SSDEEP

393216:T4sLMkgDxJBnLZ3xJZwmxjxhC59j5/sZDPXn1Syset+uh:ks72/t3xJ5rC5ecS

Score

10^/10

evasion upx

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/16.0.14332.20517/i640.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/16.0.14332.20517/i641033.cab

Targets

- Target
  
  OInstall.exe
- Size
  
  14.6MB
- MD5
  
  4c746e46fb3ced72a49290baf9f115f4
- SHA1
  
  3cbb5c1380496b121289ea6e14d5007d71e7e3e7
- SHA256
  
  1c7d1f5635d70f870fa2686743e759c8446c5e46fa2ea1250494f505845baa1d
- SHA512
  
  0482cb95c79179a9665ead17bdb1111badb02ee9d7524ebbfa810008fe7661da7cee553be97f0034b7fb4e9f66ecdd3568cbed873b67914545440635fe608080
- SSDEEP
  
  393216:T4sLMkgDxJBnLZ3xJZwmxjxhC59j5/sZDPXn1Syset+uh:ks72/t3xJ5rC5ecS
Score

10^/10

evasion upx
- Blocklisted process makes network request
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1
- Target
  
  out.upx
- Size
  
  29.2MB
- MD5
  
  fcc3a6ad8b68714f49b301a87802f19a
- SHA1
  
  153a8c2ecc8e8cfd50a7308ad95a2eb6dc5ef605
- SHA256
  
  f1f929f79a4394cfbe4e554d97aceeb5f5e3f4de58dd60dbff5a115ade9bde7a
- SHA512
  
  d93ac16d222920f29f983e095d91b4f36be0ce57fa5d1b8c4429560919b4061f426715ab1de675a5c75b86f94406aa599fb8549070b5dccf17c0379610748375
- SSDEEP
  
  786432:1o/RC88KMjqzSGFPt7lgx+Gft4k42m/bE:OJaKMjqzSGJt7lg/ft4k42mDE
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Blocklisted process makes network request

Stops running service(s)

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Checks system information in the registry

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2