4d298eefa9a805528c7455db8c8cee4221fd165b37fc56d072a0ee025707027c | Triage

Sharing

General

Target

c9b99cb612664b716360da9e3c946928
Size

1.0MB
Sample

240314-1y43nsgf3t
MD5

c9b99cb612664b716360da9e3c946928
SHA1

7f92eebba26d781559f5ca8c4bc97ba5774191a1
SHA256

4d298eefa9a805528c7455db8c8cee4221fd165b37fc56d072a0ee025707027c
SHA512

61d685398071844116550342fc165bcc08035a754d2e236ab10060ba847217de2f833a1cc1f0bcd0a85e5a64fb6add6abe07eda14d39891fb5768813963776ad
SSDEEP

24576:Qvc2ilBO8gG1QVxilVpskgS7gwNTxwlpa+l29CmwgOQa:8c2ilBOcQiVs6UwNFEZ8aT

Score

7^/10

persistence upx

Malware Config

Targets

- Target
  
  c9b99cb612664b716360da9e3c946928
- Size
  
  1.0MB
- MD5
  
  c9b99cb612664b716360da9e3c946928
- SHA1
  
  7f92eebba26d781559f5ca8c4bc97ba5774191a1
- SHA256
  
  4d298eefa9a805528c7455db8c8cee4221fd165b37fc56d072a0ee025707027c
- SHA512
  
  61d685398071844116550342fc165bcc08035a754d2e236ab10060ba847217de2f833a1cc1f0bcd0a85e5a64fb6add6abe07eda14d39891fb5768813963776ad
- SSDEEP
  
  24576:Qvc2ilBO8gG1QVxilVpskgS7gwNTxwlpa+l29CmwgOQa:8c2ilBOcQiVs6UwNFEZ8aT
Score

7^/10

persistence upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10
behavioral3 behavioral4
- Target
  
  MicrowindowSearch_setup_04.exe
- Size
  
  1.0MB
- MD5
  
  759d00c2969f6b7af6b5517379915e52
- SHA1
  
  9f9efd2f97102b3d06f74a18880c08946f0383b1
- SHA256
  
  02614d987c6beda8dde5ee57c6768e83565333a84ce7b46f65c90985c267410b
- SHA512
  
  ca30b5deece9a79a3e1c1a580020f112e48f9468ea359bca17b33fd44c34d624f2f56c96db0591c3303f5a4a1b4234c0bc8e2bda11003d03a93583d0a5860ac0
- SSDEEP
  
  24576:DfOy7hgGmeuAKK6ggVjwPTU1eHa+a28CmjtOE:DGiweuXVwPIwz147
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6