45fb5807dc1f88cb65dbfe611028ad09f1e85ab0ab244a1f691408c063851cc1 | Triage

Resubmissions

22/02/2024, 16:34

240222-t3aajace3t 8

16/02/2024, 19:46

240216-yhglbsfa4v 8

13/02/2024, 09:11

240213-k52ywsff78 8

13/02/2024, 08:54

240213-kva3esdh9z 8

Sharing

Copy URL Twitter E-mail

General

Target

PDFTools_46568495.msi
Size

10.1MB
Sample

240213-kva3esdh9z
MD5

1595d56c7936d94be54be0ad0e4d24b8
SHA1

0af8ecc265aa6c1a97ceda6d486de34d52b39c08
SHA256

45fb5807dc1f88cb65dbfe611028ad09f1e85ab0ab244a1f691408c063851cc1
SHA512

a3b7e4061eae1cf137f8aaa40a05f63379771f16fb04518be2ac49b65d772d8144b6ca854787be13c528cc8ef8936d0e513fb805d832459da9c51dda57c8a41b
SSDEEP

98304:9nmD+Qmq79H23UCB9DgnUOOcdtzzE4DUjHz2mqTPjB1cEdNWYcyVnpc7K800mf99:9UN7RI5gbOcdtnDNbzn3z1FB

Score

8^/10

Malware Config

Targets

- Target
  
  PDFTools_46568495.msi
- Size
  
  10.1MB
- MD5
  
  1595d56c7936d94be54be0ad0e4d24b8
- SHA1
  
  0af8ecc265aa6c1a97ceda6d486de34d52b39c08
- SHA256
  
  45fb5807dc1f88cb65dbfe611028ad09f1e85ab0ab244a1f691408c063851cc1
- SHA512
  
  a3b7e4061eae1cf137f8aaa40a05f63379771f16fb04518be2ac49b65d772d8144b6ca854787be13c528cc8ef8936d0e513fb805d832459da9c51dda57c8a41b
- SSDEEP
  
  98304:9nmD+Qmq79H23UCB9DgnUOOcdtzzE4DUjHz2mqTPjB1cEdNWYcyVnpc7K800mf99:9UN7RI5gbOcdtnDNbzn3z1FB
Score

8^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2