959a21f3080fbde7bf47863f13aee106cb6ee5ac4f9e0452f2de72a9e85be30b | Triage

Resubmissions

21/09/2023, 01:57

230921-cdnyyscb2v 8

21/09/2023, 01:30

230921-bwz89sdh72 8

21/09/2023, 01:20

230921-bqfyfadg87 8

Sharing

General

Target

TopazPhotoAI.msi
Size

715.3MB
Sample

230921-bqfyfadg87
MD5

37da6e084069133462ceb0ff8d9e6d7d
SHA1

a6cd4325cc8c1c8b88623c1bdcf89473843a1401
SHA256

959a21f3080fbde7bf47863f13aee106cb6ee5ac4f9e0452f2de72a9e85be30b
SHA512

06f5205e11b951bd6d36668cf3cdb0154c8e47100bd190464fb931d41262ad7360a8bf6d15757ade21791f87b7449cb1c073a46c675a992a6a7e0ee6d3f7e5bb
SSDEEP

12582912:NA1ysv9UzJyLBnTN47giG3JfpB9hB1eJBQjfV/CtpywOxd0JarzI93k5:q179AkLBnhiUJBBreJBMfV/CtpyBxqAF

Score

8^/10

Malware Config

Targets

- Target
  
  TopazPhotoAI.msi
- Size
  
  715.3MB
- MD5
  
  37da6e084069133462ceb0ff8d9e6d7d
- SHA1
  
  a6cd4325cc8c1c8b88623c1bdcf89473843a1401
- SHA256
  
  959a21f3080fbde7bf47863f13aee106cb6ee5ac4f9e0452f2de72a9e85be30b
- SHA512
  
  06f5205e11b951bd6d36668cf3cdb0154c8e47100bd190464fb931d41262ad7360a8bf6d15757ade21791f87b7449cb1c073a46c675a992a6a7e0ee6d3f7e5bb
- SSDEEP
  
  12582912:NA1ysv9UzJyLBnTN47giG3JfpB9hB1eJBQjfV/CtpywOxd0JarzI93k5:q179AkLBnhiUJBBreJBMfV/CtpyBxqAF
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2