General

  • Target

    ndp48-web.msi

  • Size

    33.2MB

  • Sample

    240201-q3jx7agffp

  • MD5

    14ee048368315c2cacb2783044dd0916

  • SHA1

    08ff221a0e206ae35075a679b91ad77b7950a033

  • SHA256

    c177f6540bb54e824a50fb3b2949b3051b16daf21f1333894174343104064c5f

  • SHA512

    7a2ebd463c1a944566bba2c7be1617bbac7c1c0b43f88c19393e9031358e62e44b685a9675dcf410f95ce1dbc80c9a78945d22bb483473cf7431a38b5d6e2fd7

  • SSDEEP

    786432:SFlv1JY9rY1YuFA5IfxCTn+s2VjyCLM2et8n6sMiA:S71JKJkMI0Tnf2V2yM208n6CA

Malware Config

Targets

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
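The behaviour signatures above are the sandbox's own rules; the block below is an added example, not code from the report or from the sandbox, that re-implements four of them as a small triage pass over an API trace. The trace format (one `pid|api|first argument` line per call) and the trace contents are constructed for this example, and the key patterns used for "Registers COM server for autorun" (writes under `CLSID\{...}\InprocServer32` or `LocalServer32`) are an assumption about what that signature keys on.

```python
"""Rule-style triage of a registry/file API trace, mirroring the sandbox signatures.

Added example: the trace format and sample lines are constructed, not taken from
the report, and the matching rules are a plain reading of each signature text.
"""
import re
from typing import Dict, List, NamedTuple


class ApiCall(NamedTuple):
    pid: int
    api: str
    arg: str


# Constructed sample trace (not from the report): "pid|api|first argument" per line.
SAMPLE_TRACE = """\
1234|RegOpenKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1234|RegEnumKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0C8D0A9E-1111-2222-3333-444444444444}
1234|RegOpenKeyExW|HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1234|RegSetValueExW|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
1234|RegSetValueExW|HKCR\\CLSID\\{11111111-2222-3333-4444-555555555555}\\InprocServer32\\(Default)
1234|CreateFileW|C:\\Windows\\Temp\\setup.log
1234|CreateFileW|D:\\
1234|CreateFileW|E:\\
"""

# "Checks installed software": any open/enumerate/query under a CurrentVersion\Uninstall key.
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
# "Adds Run key": a value written directly under CurrentVersion\Run or RunOnce.
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)
# "Registers COM server" (assumed pattern): a server path written under a CLSID.
COM_SERVER = re.compile(r"\\CLSID\\\{[0-9A-F-]+\}\\(InprocServer32|LocalServer32)\\", re.I)
# "Enumerates connected drives": the bare root of a drive letter.
DRIVE_ROOT = re.compile(r"^([A-Z]):\\$", re.I)


def parse_trace(text: str) -> List[ApiCall]:
    """Parse the constructed pipe-delimited trace; blank and '#' lines are skipped."""
    calls: List[ApiCall] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, api, arg = line.split("|", 2)
        calls.append(ApiCall(int(pid), api, arg))
    return calls


def match_signatures(calls: List[ApiCall]) -> Dict[str, List[str]]:
    """Return {signature name: [evidence lines]} for every rule that fired."""
    hits: Dict[str, List[str]] = {}

    def add(name: str, call: ApiCall) -> None:
        hits.setdefault(name, []).append(f"{call.api} {call.arg}")

    for c in calls:
        reg_read = c.api.startswith(("RegOpenKey", "RegEnumKey", "RegQueryValue"))
        reg_write = c.api.startswith("RegSetValue")
        if reg_read and UNINSTALL_KEY.search(c.arg):
            add("Checks installed software on the system", c)
        elif reg_write and RUN_KEY.search(c.arg):
            add("Adds Run key to start application", c)
        elif reg_write and COM_SERVER.search(c.arg):
            add("Registers COM server for autorun", c)
        elif c.api in ("CreateFileW", "CreateFileA", "GetVolumeInformationW"):
            m = DRIVE_ROOT.match(c.arg)
            # The signature text excludes the default C: drive explicitly.
            if m and m.group(1).upper() != "C":
                add("Enumerates connected drives", c)
    return hits


def fired_signatures(text: str) -> List[str]:
    """Convenience wrapper: sorted names of the signatures a trace triggers."""
    return sorted(match_signatures(parse_trace(text)))


if __name__ == "__main__":
    for name, evidence in match_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The rules are deliberately narrow: a `RegSetValueEx` under `Run` counts, a read of the same key does not, and `C:\` is excluded because the signature text says so. When reproducing a sandbox verdict by hand, that distinction between reading a key (discovery) and writing one (persistence) is usually what decides whether a hit is worth escalating.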

MITRE ATT&CK Enterprise v15

Tasks