4903af6f93e8071209af7b5ba37337d22c72676fc3ccc9b2e1313b0a384f1995 | Triage

Sharing

General

Target

wininitoverwriter.exe
Size

1.1MB
Sample

231116-19ft8abe5x
MD5

6b10b1ccb93e68986628cc285ea034df
SHA1

b2da46a7d5542110691a44bca53005aa94bfc795
SHA256

4903af6f93e8071209af7b5ba37337d22c72676fc3ccc9b2e1313b0a384f1995
SHA512

e8b7d3ab9d1e56532661911e97f1345743a2e47afb3e47db070d9b5b29aaf3e550f86bfb50a5c54f624446f07350e99e822fb1a5d305741b9086d6b21e7b8da2
SSDEEP

24576:ldz8yaFhsKrh0hg6TKnHYxERyMHdRE3LgLAOh7bCLsgi8fBi6dS:kkPKyqyuE3tOlmsh8f

Score

8^/10

discovery exploit

Malware Config

Targets

- Target
  
  wininitoverwriter.exe
- Size
  
  1.1MB
- MD5
  
  6b10b1ccb93e68986628cc285ea034df
- SHA1
  
  b2da46a7d5542110691a44bca53005aa94bfc795
- SHA256
  
  4903af6f93e8071209af7b5ba37337d22c72676fc3ccc9b2e1313b0a384f1995
- SHA512
  
  e8b7d3ab9d1e56532661911e97f1345743a2e47afb3e47db070d9b5b29aaf3e550f86bfb50a5c54f624446f07350e99e822fb1a5d305741b9086d6b21e7b8da2
- SSDEEP
  
  24576:ldz8yaFhsKrh0hg6TKnHYxERyMHdRE3LgLAOh7bCLsgi8fBi6dS:kkPKyqyuE3tOlmsh8f
Score

8^/10

discovery exploit
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexploit

behavioral2

discoveryexploit