c37a5bd22e9a2565e57e81ce8d97a8d6aa17633ad819607f34ea924d00f9944e | Triage

Sharing

General

Target

00113722_xp_vista_7.zip
Size

18.0MB
Sample

240223-wh2kdsed93
MD5

6c4c1899ae63b6e3269608330f98e387
SHA1

ad9a7f31d1aba2224654dd0a55d3bac4b7d18b2c
SHA256

c37a5bd22e9a2565e57e81ce8d97a8d6aa17633ad819607f34ea924d00f9944e
SHA512

54934c348d28ea09ddb7243f128197e25934e93b78d688c7773b28051167a58a7ad2f614b3687d2a002c6fce08d4170c4529ba3d13d5c89e24c5335e770f2c99
SSDEEP

393216:R3FCnO/bUMmp58DRy/SVCYiiDuoZ3U+Wyg:RkKbU78D1FiiJYyg

Score

7^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  00113722_xp_vista_7.zip
- Size
  
  18.0MB
- MD5
  
  6c4c1899ae63b6e3269608330f98e387
- SHA1
  
  ad9a7f31d1aba2224654dd0a55d3bac4b7d18b2c
- SHA256
  
  c37a5bd22e9a2565e57e81ce8d97a8d6aa17633ad819607f34ea924d00f9944e
- SHA512
  
  54934c348d28ea09ddb7243f128197e25934e93b78d688c7773b28051167a58a7ad2f614b3687d2a002c6fce08d4170c4529ba3d13d5c89e24c5335e770f2c99
- SSDEEP
  
  393216:R3FCnO/bUMmp58DRy/SVCYiiDuoZ3U+Wyg:RkKbU78D1FiiJYyg
Score

1^/10
behavioral1 behavioral2
- Target
  
  00113722_XP_Vista_7/00113722man_cs_de_en_es_fr_it_nl_pl_pt_ro_ru_sk_300.pdf
- Size
  
  10.5MB
- MD5
  
  74ea9cee524877ae2c5e3fea11a72de9
- SHA1
  
  aa9f7abdf716c2f7aeb7894581c65332fa5512ee
- SHA256
  
  aeba5f4993e631fbf64c860889e8f5416b25d2cec6092588faa63ea0d5eff264
- SHA512
  
  3c3524eb3f173f15e4e892b43e317ff3483d4a28da8aa6697eae10fd5e0d0241d069adc1efa01ff47b5bd9f1d524a266553ac1216b27f8077063f2e115ff38cd
- SSDEEP
  
  196608:ekdDi6rv/QNLSycUahD4XuFcuxP3Nc/vAd/enPeFwi1yOak:ekdD1reSdhvxfeMenPA6k
Score

1^/10
behavioral3 behavioral4
- Target
  
  00113722_XP_Vista_7/ISSetup.dll
- Size
  
  539KB
- MD5
  
  708814a62ba813cea1a94bb77d68195b
- SHA1
  
  39c99a215751832481dc9b2ac2d6dbb17435195d
- SHA256
  
  999c523b3e43f399966a49f3caeb2a7d8ccb39d5911dfe71fd15a6a0aa2b87fe
- SHA512
  
  426cd1a12e42212ff541b3bd9c239282d548596487929b17c657056958d71a77fce209c5daa606af4d0eb6c5f74779b6d332997d00e71f6ec80fd18407c57bd3
- SSDEEP
  
  12288:Ve69Ayq/4aPisKA/pl2HM+yUN8IU03ynJNCBa7L:8OAyCPL2HM+yU8TnJMBa3
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  00113722_XP_Vista_7/_Setup.dll
- Size
  
  160KB
- MD5
  
  30ebd4e80b1dda05eac709a1dc5965b4
- SHA1
  
  2418232370026574baabc84b105f6dd9e458ad86
- SHA256
  
  8802e54ce01babf7bb22d0da5c83bebc5c05d0ccd73566a5f836690e9278a696
- SHA512
  
  5115afea66734fe53c9479a6569b7fbc1ef395432781367cd68c7f4878ca3884bad0a960f76db2a40314484f329c4288a6ecf4a93cc49642c5e412448c5a2557
- SSDEEP
  
  3072:Eb9YfMX0E9QsJB9cWe7Ka2coNfCp5CzQQfnlS6LlwYKU7:EKlua8NfCp5CcS7
Score

1^/10
behavioral7 behavioral8
- Target
  
  00113722_XP_Vista_7/data1.cab
- Size
  
  492KB
- MD5
  
  17eae0d044bf2882e0f5bd1eadd72dea
- SHA1
  
  f68dbe4f203969dc9e5c9e92e5b53d52adb1e55a
- SHA256
  
  a52adc5b087c7af7307d7e133b8183026e88bf42bd1e87dfb003fd144222150a
- SHA512
  
  4da3d3d05ca55d0b6db040200fd8117ad8f1e1fd4cab5a664b87c1286fd82d3a2b4f673a5a562c2a3b2f33fe21fd28c3d85b0037e2849a10679674e7c1ea7e79
- SSDEEP
  
  12288:EQYeyG+KOIZgdpU3asJC6kTkVdNUKDgmwI:ZSGzPmdO3qdvK8+
Score

1^/10
behavioral10 behavioral9
- Target
  
  00113722_XP_Vista_7/data1.hdr
- Size
  
  27KB
- MD5
  
  ab1ce2337b3c1be58e065d07b6eed4c2
- SHA1
  
  587028ceccc39daae2da1bf84b8a35fe7b0953d3
- SHA256
  
  c123ad21120605c4296f614c6acce9ff8e0ae464034dc011f11b7f608e79af08
- SHA512
  
  6bbc3ba895f47268f958ae92122d1a33155448fd08592fbd30af57bdd0afbf80e0cb0515e4bbb3b3e6618de05e552a82c1e0990d641b2b7bb0412a9eea83bda5
- SSDEEP
  
  384:KzgHXHyBRMUsG9nWg4qkap9s1wuM5rVMEjv54Q474o5xcY:FHXWwHo9iwu4rjR4Q474o5xcY
Score

3^/10
behavioral11 behavioral12
- Target
  
  00113722_XP_Vista_7/data2.cab
- Size
  
  6.9MB
- MD5
  
  db0dcee9f3c1984a8a5d739186477181
- SHA1
  
  9e8c7c93001857e025f2805437b10fa471fadb24
- SHA256
  
  e1333b5aaa09d1d4187d29acb3eeababa874eaa8d39f1c8e67e5988a90038368
- SHA512
  
  bb14335b9c5a34b633403d6fe50cb457b762018dfa1975ad1120c42e44a019daabf111d7f01adc8756502dd4814b9c33535e317bd770c12c05d15e82462c1189
- SSDEEP
  
  98304:uiLevzXjQ6Y4L4plzQAxaqeWLf1ahEBDENi8u/KYbtTiuGgQpAaIHNwiqeFyHpxX:fSnyQgRPeWL9DBAcUWtTiu9UIHpmJxdJ
Score

1^/10
behavioral13 behavioral14
- Target
  
  00113722_XP_Vista_7/layout.bin
- Size
  
  472B
- MD5
  
  271290e4d50ac448dd1f94972c8da705
- SHA1
  
  c3ac8fab109c1d50f9fa4d53dfdc483d68176909
- SHA256
  
  a32aafec5370e3f96320810f6de90e9cce78094f3b0650a7db17c5ee538bd350
- SHA512
  
  449c59383b471075829e79edbc01de8d1d3ba93fa2de3b5e96b68f84d5bde33fe5699841d141b6cf81aaa147b2afe19d859ab4240434217c64312dbf4d53e476
Score

3^/10
behavioral15 behavioral16
- Target
  
  00113722_XP_Vista_7/logo.JPG
- Size
  
  38KB
- MD5
  
  30f4c52d279c49d9702cdef417b64cc2
- SHA1
  
  746e677855449921acdf8a320dec2d91eaec834f
- SHA256
  
  a1c5b96add4b724ef36a7cb5b17d64c17f06355e00497eb1d728635b4e70bef7
- SHA512
  
  63f8882b596ec855ba8dc9bbda3574f6f0ce469d4df842e4c5ce3ed05dac5dd09a9b732e619769df2414b68b3a2679f5ba2b2a3ebae735eb78bc2c877621ff50
- SSDEEP
  
  768:98UA+J7X64o9KSYyrTdJzLG8JcYdOqGBcPHCMUecIW:eU1Jb6jKSnrS8HdOqYcPfDcIW
Score

3^/10
behavioral17 behavioral18
- Target
  
  00113722_XP_Vista_7/setup.exe
- Size
  
  444KB
- MD5
  
  fbab280d0cac5e21c72f0a1a7b5b9608
- SHA1
  
  f142143a5d63b51d45647c3d29d6d1468c6af321
- SHA256
  
  15ff52f3a2d8f23241bf7f8f90095ee3741e66fa177fb5b6dc729decc82a4a99
- SHA512
  
  e3e559297d9ef5c0040b0e1bd6e3371945789df163e767fe758118e092f3a090b7412e8e0883af9f69e89923bc4eb8be2ba75ded88c1b8b277d1f5d7aa2ad251
- SSDEEP
  
  6144:QB+BhEjoBfLdbNVOY5LY9CsDykwXNMWAi3cuOjyLDWCa6P58Rt3qgDHt5Fsp6Yr7:eohjbbHOY5c9CsDrgMLiMuf8e
Score

7^/10

discovery persistence upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral19 behavioral20
- Target
  
  00113722_XP_Vista_7/setup.ini
- Size
  
  441B
- MD5
  
  a872c61d7506d43e72ffde85eedb978d
- SHA1
  
  42f4e9147eefb7ccd8a8c45fbc8d8f4e3f031b4e
- SHA256
  
  fbc16c57ab07e7ccc67dd0bc5d3c94390a95430be0bc4f2c17e0c34723fdb8a4
- SHA512
  
  9c96b5df32153bdf8425109a03c4994150676dabbb297eaa3b16dccf0131d170ab64cb700c748457037c9c21c4a90b2fb767288d36cef04bddf4242e7decf74d
Score

1^/10
behavioral21 behavioral22
- Target
  
  00113722_XP_Vista_7/setup.inx
- Size
  
  216KB
- MD5
  
  e4699f5e75afd4817b8177410c728f42
- SHA1
  
  66937777108223432aff722c48093d50fde2a5fa
- SHA256
  
  a01fa3bf12c1688e3d65b7cb5c43055a71c914c7a38ca29b05ef3b7c48790b7a
- SHA512
  
  582472c286eec1d3ab183edd9e7029f645ac9a03f71116deebd2d6cfc4344c3f4177ec8b424f1625443b17acb77301bd28d1f65e552555a38c7c12a9e8b46493
- SSDEEP
  
  3072:jHi1PdNkN4nHgdgJWDd7FzxNS5RtxEoQdq50p8D9xcPs9e6jz3cs3LoHUFRYRR:j0N0mg7aekD7qNUbm
Score

3^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

discoverypersistenceupx

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24