f1efd4e901a85cc7892dda4620376ddd65275790fcc4747cccfa1820dcb75722 | Triage

Sharing

General

Target

d6a0ec474c1a9be4762a34e045e12327301b0b1c70b25a0475572b138dfbee2e.zip
Size

139KB
Sample

231119-z29a5abf35
MD5

cb2719872a1a445490fcb7f2b0cb02c5
SHA1

18ebc718c175777cdaf50554e4049ecc031ad3ec
SHA256

f1efd4e901a85cc7892dda4620376ddd65275790fcc4747cccfa1820dcb75722
SHA512

b73ad7cc80f2f99ffaf16d0e346411f3c5d38781340d0cdede878b26ffc53fa9a0806c77cdb06f09e75a9dd13f28afccd507ad92028954d509d63817e2077868
SSDEEP

3072:G3M+lZvq762VkZoZYVSPpLIjZ2XAbIPglWzJMoqx5YL4:G3MyyOenpLINbIPg4T+mL4

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  d6a0ec474c1a9be4762a34e045e12327301b0b1c70b25a0475572b138dfbee2e.msi
- Size
  
  309KB
- MD5
  
  c9d54906e576c720fda1e23871435615
- SHA1
  
  b5ecb6f22678599320b29c67e3517981ee991634
- SHA256
  
  d6a0ec474c1a9be4762a34e045e12327301b0b1c70b25a0475572b138dfbee2e
- SHA512
  
  cf6a1d155429f48cdb8f5aaf23b086c5ac48588ada49184941b00fe9a7fad8f3f1413c48c74dc9ee39fcced57a1becfe7a02abd2ce09f48e5e67e9c3b4676935
- SSDEEP
  
  3072:1kxU0X04E6DG963DjY5AFwgz88ereWn/7w05g0ZCHbfIdn7k9uGkEp29wybtE7r2:1AIK3DjY5AQ8er1nzTubfIoZJ
Score

7^/10

persistence
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2