12bae61fbc85d233135b2364b34ece68bf578db4535c54cdfeb2c8ac67b08325 | Triage

Sharing

General

Target

uwd.exe
Size

610KB
Sample

240307-rwm7psdd42
MD5

49637e4ae02ad0066cd78eb0ea21ec9e
SHA1

e875447cd5f5eb7c486a475eba97823678c29962
SHA256

12bae61fbc85d233135b2364b34ece68bf578db4535c54cdfeb2c8ac67b08325
SHA512

113b716aed397fb4a8cf19b412793fc0b1a1691922145f833692a8d8069a7e907c8b1e41b139453154b03023dd0ec3362d21e109753dd736d35e8c531da898be
SSDEEP

12288:zN800y4lJOSdwJ9L4Abzc1LBWBZdnzhvc:x+ypWGfo1LBWBZpFc

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  uwd.exe
- Size
  
  610KB
- MD5
  
  49637e4ae02ad0066cd78eb0ea21ec9e
- SHA1
  
  e875447cd5f5eb7c486a475eba97823678c29962
- SHA256
  
  12bae61fbc85d233135b2364b34ece68bf578db4535c54cdfeb2c8ac67b08325
- SHA512
  
  113b716aed397fb4a8cf19b412793fc0b1a1691922145f833692a8d8069a7e907c8b1e41b139453154b03023dd0ec3362d21e109753dd736d35e8c531da898be
- SSDEEP
  
  12288:zN800y4lJOSdwJ9L4Abzc1LBWBZdnzhvc:x+ypWGfo1LBWBZpFc
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2