General

  • Target

    GameSetup.7z

  • Size

    3.0MB

  • Sample

    240406-kwwerafe52

  • MD5

    1ebb88eeb566498b86b3575ada884477

  • SHA1

    bafd26b19cd7df726e2d18d821126687bea81ca7

  • SHA256

    3f44ac193cf68ad1309feff3d432122f4a903920dc23ade59a4ff3cf51e12b72

  • SHA512

    932a917331ae4254c26096f8e84c26caf6863b203e472ef953c767b529336394f9e188946f1ed13a554f6fbfe5ab5145425077b440eadb9c0add328d3067a4e9

  • SSDEEP

    98304:itZI4tG+2uzHUse2R5elfEF9vtammGFnB:itOSG+2uzHUXGBSGFB

Score
8/10

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks