Resubmissions

22/07/2023, 19:23

230722-x4ajgacd2v 10

21/07/2023, 08:40

230721-kk48hsch86 10

General

  • Target

    no_halt_opts_enabled.msi

  • Size

    1.8MB

  • Sample

    230721-kk48hsch86

  • MD5

    608521a573ca80a1ba6e08a79dd9b899

  • SHA1

    29b6a8ae869cdc1a95bae83dd97874e5efa79613

  • SHA256

    54f52ef506f6649c09838b9935aed223f0f320798e13fdb9541ffd1db3e08816

  • SHA512

    92f22f9e9ccbd828be12d9e030acc7cb1cc46699918734de4fb334bc0e11f1a3fdf98c7a8cbd1532ebb37afc7b8fbf5933cf91ba97cdd3f77bacffb298e3ea40

  • SSDEEP

    49152:HpUP99FBJZEH1X1arF0EK/2ZIL/8up2yb:Hp82H1X6

Score
10/10

Malware Config

Targets

    • Target

      no_halt_opts_enabled.msi

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks