Resubmissions

27-07-2023 11:12

230727-nbajbsec22 10

27-07-2023 08:08

230727-j1rfxscg7s 10

General

  • Target

    6e068b9dcd8df03fd6456faeb4293c036b91a130a18f86a945c8964a576c1c70.msi

  • Size

    1.8MB

  • Sample

    230727-j1rfxscg7s

  • MD5

    247a8cc39384e93d258360a11381000f

  • SHA1

    23893f035f8564dfea5030b9fdd54120d96072bb

  • SHA256

    6e068b9dcd8df03fd6456faeb4293c036b91a130a18f86a945c8964a576c1c70

  • SHA512

    336eca9569c0072e92ce16743f47ba9d6be06390a196f8e81654d6a42642ff5c99e423bfed00a8396bb0b037d5b54df8c3bde53757646e7e1a204f3be271c998

  • SSDEEP

    24576:ftncpVGP4I9FsEsyt8l+E+s1tB7parWM0+AL5QgZQvUXtAqlU0ZyMRp:epUP59FBJZEH1X1arF0vN/nX

Score
10/10

Malware Config

Targets

    • Target

      6e068b9dcd8df03fd6456faeb4293c036b91a130a18f86a945c8964a576c1c70.msi

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tactic            Technique                                     Count  ID
Defense Evasion   File and Directory Permissions Modification   1      T1222
Discovery         Query Registry                                5      T1012
Discovery         Peripheral Device Discovery                   2      T1120
Discovery         System Information Discovery                  5      T1082

Tasks