hxxps://www[.]poweriso[.]com/download[.]php | Triage

Submit
Reports

Overview

overview

9

Static

static

1

URLScan

urlscan

1

https://www.poweriso...

windows10-1703-x64

9

Sharing

General

Target

https://www.poweriso.com/download.php
Sample

230722-mta25saf54

Score

9^/10

coreentity discovery persistence

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://www.poweriso.com/download.php

Resource

win10-20230703-en

coreentity discovery persistence

windows10-1703-x64

21 signatures

300 seconds

Malware Config

Targets

- Target
  
  https://www.poweriso.com/download.php
Score

9^/10

coreentity discovery persistence
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

urlscan1

behavioral1

coreentitydiscoverypersistence

© 2018-2024

Terms | Privacy