Resubmissions

  Date              Sample ID           Score
  11-12-2023 15:37  231211-s2e9qacbe4   7
  10-12-2023 15:29  231210-sw5x7aged8   10
  09-12-2023 15:39  231209-s3lswshbfl   10
  08-12-2023 04:20  231208-ex7lhsha83   10
  07-12-2023 15:32  231207-syzh7acg62   10
  01-12-2023 15:49  231201-s9kt6sdb45   10
  01-12-2023 04:15  231201-evbq3aeh46   10
  26-11-2023 06:57  231126-hrbtfafc68   10
  19-11-2023 02:41  231119-c6sgvage73   10

General

  • Target   hiqa.exe
  • Size     14MB
  • Sample   231207-syzh7acg62
  • MD5      eafd16a8eb7e6489286d094d9a6edfcf
  • SHA1     860a03fd13ca678e498b63c81bf7ef4d7cf34fa5
  • SHA256   68ea7711782bceb7a79e2c9e8f6245c7d9f9f997d3b8a7e16fc38b2c2c1f2043
  • SHA512   361ec653a4ba18f006e73ef3438fedb56938bc43d01d2bd4bf6985d3317a0e16eb48a522e86027e4464660e54dd3333a24096d6f961004c4ea7e5978b8032ef1
  • SSDEEP   98304:gsGNJipGZNaQrpBKXSSDYAKvs9fqdrSrJLA60BPL8jCcY:/5pGuwKXSSovs9fqdrSrOpBP

Score
10/10

Malware Config

Targets

    Score
    10/10

    • UAC bypass
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v13

  Tactic                Technique                           ID          Count
  Privilege Escalation  Abuse Elevation Control Mechanism   T1548       1
  Privilege Escalation  Bypass User Account Control         T1548.002   1
  Defense Evasion       Abuse Elevation Control Mechanism   T1548       1
  Defense Evasion       Bypass User Account Control         T1548.002   1
  Defense Evasion       Impair Defenses                     T1562       1
  Defense Evasion       Disable or Modify Tools             T1562.001   1
  Defense Evasion       Modify Registry                     T1112       2
  Defense Evasion       Subvert Trust Controls              T1553       1
  Defense Evasion       Install Root Certificate            T1553.004   1
  Discovery             Query Registry                      T1012       2
  Discovery             Peripheral Device Discovery         T1120       1
  Discovery             System Information Discovery        T1082       3

Tasks