0432dca5d3f8623103c1e112f052a4ed7990d550b029c445858ffc94a9abe65b

Resubmissions

15/04/2024, 17:37

240415-v66nksed8w 7

15/04/2024, 17:34

240415-v5ll1sed3z 7

15/04/2024, 17:30

240415-v3fmzsca66 3

15/04/2024, 17:27

240415-v1vdcseb8w 7

Sharing

Copy URL

Twitter E-mail

General

Target

WindowsPowerShell.zip
Size

2.9MB
Sample

240415-v1vdcseb8w
MD5

4beaf6b031c0c5207b19918913b57e0d
SHA1

c9856b91a671619302799d166875cfda119fb121
SHA256

0432dca5d3f8623103c1e112f052a4ed7990d550b029c445858ffc94a9abe65b
SHA512

3eb79e807c5a8ecda39d8da9591bef48d7db49004ad052c6e2e4a53d922cd97d2ded480c04d5397b946f9a0bc5944d2a45dc026fe35919e0c9aa63715b47095e
SSDEEP

49152:VDMkyxtSYe6vWnyXkeC9TDVG2wl9Bs1DIN1BWWh7PbCpoV0pX8o7mQuzg7pVa1GV:Gky33e6+nmCts2cBN5Cpc0986wqm1gt1

Score

7^/10

Malware Config

Targets

- Target
  
  WindowsPowerShell/v1.0/Modules/ConfigDefenderPerformance/MSFT_MpPerformanceRecording.psm1
- Size
  
  78KB
- MD5
  
  0c1e5e59eb65ac478dfa977a1e8b7973
- SHA1
  
  b57a996fabe2557774dcc500b2aa9e40359bc47b
- SHA256
  
  2d844659aebd039dae0ea731d5187219a08ecc8739cd6f87e8a78bf118a85a1a
- SHA512
  
  11fa03fff71f3f9dff78e9b3575074902928707b75840630067b7ebb9d7ebc1454c7d41aeb26c1ca466a79b2fea941780a118ef2066bc16aa65628f6b3ef7526
- SSDEEP
  
  1536:yP1YeVLqzm4vFo1BWMWuT7qCW+H/8kQYl9mrd3wG8OGPDKQxV1AcJRBF/AwgFXbj:yCehqzm4vFo1BWMWuT7qCW+H/8kQYl9y
Score

1^/10
behavioral1 behavioral2
- Target
  
  WindowsPowerShell/v1.0/Modules/DnsClient/dnslookup.dll
- Size
  
  38KB
- MD5
  
  44a79a8ce32347dc70910bb6bfb6f27b
- SHA1
  
  c4c75c3b819dc0eda74bc0943621c2c176d0a788
- SHA256
  
  7c307423e564ff3cf8143086871575d62ab76444d1f55d166cfaee4951f2622b
- SHA512
  
  f0e5ec8608190d0980dfa22840387c70b0949815d2f1636497668e5cbda279cf4a1914cbb071528a665e7a94004f4063234f535bbc4b217aa81adbb7492676ba
- SSDEEP
  
  768:+EelfsELdgnUEGC+AuOLMQXbXbKqxHHnlr8MF4P+HNFyA41KVYM:9elfs2dgUCkOrqgp2K7
Score

1^/10
behavioral3 behavioral4
- Target
  
  WindowsPowerShell/v1.0/Modules/EventTracingManagement/EventTracingManagement.psm1
- Size
  
  5KB
- MD5
  
  d329a4e3266d58f7508dd32b765d50a7
- SHA1
  
  7b5dce66449fe09d60cc179cbe06771b03b6bfcc
- SHA256
  
  f02fc225831c34c78f39c9e2f716b3a37cdc079c5c33ea08525970842abff291
- SHA512
  
  8b9b16b35f93425517709395a46a16875e95ae0b956104e56a1251374a03fe11c36572adf2e9bb64f1afa12ede2b8983de4f99f3494d8c3329f5c941fcb76678
- SSDEEP
  
  96:cqy0yikGvssZKUkKrrry1DuKKxTRFSigSiXfq7XNN:WJikcs+LkKlKKx9FEbyLNN
Score

1^/10
behavioral5 behavioral6
- Target
  
  WindowsPowerShell/v1.0/Modules/EventTracingManagement/MSFT_AutologgerConfig_v1.0.format.ps1xml
- Size
  
  5KB
- MD5
  
  af00233bf19d5eb561be3fdafdc72f89
- SHA1
  
  afe9aa54fabe322b8a105919dc6177acc3a388c1
- SHA256
  
  6ee0cbfda1850f8304692529b88037c1530b3a805eef3aff1c2dbbfc64cb730b
- SHA512
  
  1de21718196ab33e10c27ae96398d47d85e99e30b989e8721abaeb5eb7d436d2a881b5379bd18829e2683bd11cc0b8bd18421d1d1a3bbd13624f95c9233573c3
- SSDEEP
  
  24:JdQeCPYaT9QMhEqwi34H4egNJPYMRVgMpEygq3wpU:3QlAK9QM6qF9ASVgMiyB
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  WindowsPowerShell/v1.0/Modules/EventTracingManagement/MSFT_EtwTraceProvider_v1.0.format.ps1xml
- Size
  
  3KB
- MD5
  
  a86582bcb8f69eb983e9fdc9efbc0ccf
- SHA1
  
  77e8a5d6bf742c8979ddcc0a1453756dc44e3108
- SHA256
  
  da4b0c55d3e24ae419945d1d6ba3c185aa09985a0d34493a09cca13acf655636
- SHA512
  
  31656de2527106b8cffdf64eb38fb344c5cd9270e6e6738cd1b4f60f432b0ec7937c5c87d25f7181169077515c7ea8b6bc65e3f89f4bffabae56fb8e6f5e833d
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral9
- Target
  
  WindowsPowerShell/v1.0/Modules/EventTracingManagement/MSFT_EtwTraceSession_v1.0.format.ps1xml
- Size
  
  3KB
- MD5
  
  3762ba1ad7ff3e9db6bc78d1fbc32cfe
- SHA1
  
  4703f27540d2357ef8289a560d18c2d296f3cf4c
- SHA256
  
  342e409e3dba8fc0feec43001005bd222565246b5f16dd670860679118ca7909
- SHA512
  
  e46664a0aa02114e501237be59a7afc727474e654cf0feeda63b670cb71e1166320882fb4812bd8093650a06a9025c6e5aa834e892d26c30a4822658f16b4d73
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  WindowsPowerShell/v1.0/Modules/Get-NetView/Get-NetView.psm1
- Size
  
  110KB
- MD5
  
  8687881579d80c458e07f0f8747c056b
- SHA1
  
  bfb55e32e82689e143881d76da3c5a56784c6fcb
- SHA256
  
  0af370258f581af1d63384e53878cd16c08566dfb9062edcb8c847ece28bd37c
- SHA512
  
  5e233d14f8442b46cfc568dac9f4ef8714f1d44f1bace7869b4c1481386cf500f546e8232534e29005dea2849e6e939440e9d5f85bff30c6ed3520f774571144
- SSDEEP
  
  768:sBP2/Byj9gieuPZFG27L3rbQ1oRWCpUkY9KAXtxiicAD:sBP2AjFTG27LPKoRWC6d9yicw
Score

4^/10
behavioral13 behavioral14
- Target
  
  WindowsPowerShell/v1.0/Modules/ISE/ise.psm1
- Size
  
  4KB
- MD5
  
  0cc58ed701d92783cba93de41f0f5147
- SHA1
  
  da8001f3cefdf302679044f6cdfb33f6976cb0e4
- SHA256
  
  4f8c9a82730090babbdd39c009ac3043072a16a788a70356622c2fc98603a6b9
- SHA512
  
  c59384c540e0e7c311731ae89ebd47b3fb50d5107f82b6e849f8d5426e633f6647b7b6b20cfdd1262e38ee5cdb20dd1a919991582f35cd595d070ed6775dc2a9
- SSDEEP
  
  96:jXCdMnid8ETECfQ0QBdbW4v/85j6YRa8R2B:uG/EOrdK4vkhvO
Score

1^/10
behavioral15 behavioral16
- Target
  
  WindowsPowerShell/v1.0/Modules/LAPS/LAPS.psm1
- Size
  
  27KB
- MD5
  
  3d8e29f5f5c254a704abe76f6f747c64
- SHA1
  
  a15ad37ec66d2b419e4890a229a8057714f84b5b
- SHA256
  
  aea348ac0d28d8e5446b42c5cd1837837b1182149a0b8ac0a559fea37468b149
- SHA512
  
  321dd834a13cf2e63dd0109fb37bc593543ecc5d6fd7eaaa613c70f3c3b09d206c47994ab4ce85a846cf9667a5f119a7c789aba7136a41106ca41c8fb25712e3
- SSDEEP
  
  384:Pcjn0mJXlvxoBBAk0WyiaF86wx1xyyM3DfyMxBl4bziXoVooy/2pP9dyL8z/8X1U:PxBcyM3DqaBlMW4VDy/2fd9iC
Score

1^/10
behavioral17 behavioral18
- Target
  
  WindowsPowerShell/v1.0/Modules/LAPS/lapspsh.dll
- Size
  
  105KB
- MD5
  
  9638886f615ba86b3c41f6a7c5891a57
- SHA1
  
  16ce48a0bdd385275637583c31b608a8fb32da64
- SHA256
  
  4040e9f90e35e3f31f47c8dc0bfd1ab0f8313e53433fc0b1725677ee5cf738cd
- SHA512
  
  47e1afedf81e4aec9e1c92437aea064f5408e2331eb0a8a26abf001e3e62fd3249389c0439e402dc6999224ffd853842774c92fceb06e0ac5481456fe784c512
- SSDEEP
  
  1536:NYgnyUJVXmQ4AaqLOANF2jZeU42itU7BFmZ8MNH6UZQfvf41zdFdtpfyDzPdiD51:+WLEBFmGMkLX2dFdrfyNkj
Score

1^/10
behavioral19 behavioral20
- Target
  
  WindowsPowerShell/v1.0/Modules/LAPS/lapsutil.dll
- Size
  
  80KB
- MD5
  
  2a936dba06b2925de5f8b7ae61e155bc
- SHA1
  
  62d392bb29729d2589b28b9aba22398ef0478ce2
- SHA256
  
  9cc22f4cbc858db6869c4a05c1ef1de2c432f27e0156f5f243b65fa0f3a63faf
- SHA512
  
  624a990be023a37b2ade337201365643023a17dfdea128c7f366fc0e3ea9de51cea9634d6d828db25d4c79b3fd29d12ebc1c329fc37416e651ee9752bbd89031
- SSDEEP
  
  1536:AE2PiO5FC+txkEQwhEYq3vwrC8+S6P+ZuP:IKeXtyE/Xoh8H6P+ZuP
Score

1^/10
behavioral21
- Target
  
  WindowsPowerShell/v1.0/Modules/LanguagePackManagement/Microsoft.LanguagePackManagement.Powershell.Commands.dll
- Size
  
  26KB
- MD5
  
  70f4c2e6d529adaedf2f7fb68d08ce4c
- SHA1
  
  217df36dde4da5b661bbf962dfe21da3ebeaeb69
- SHA256
  
  7eaa4484b5cc5e17871e80f27f3d559991c74a08128b8755c32018d3d6bef8e5
- SHA512
  
  476860866833f6ec3c8953485f4abd6a2b62514c2e8746dd4640af39b95977ef72e7161c413fa48ff484d1362ec146066d6ebefee1acb95a74314908111248c2
- SSDEEP
  
  384:9uu/VbDCsC7bX7NtKOfv/DMF2PxgFgm3KYwL8DYXLKgW2xBWXsW:B/VbWsE7NtzxZSBmgii
Score

1^/10
behavioral22 behavioral23
- Target
  
  WindowsPowerShell/v1.0/Modules/LanguagePackManagement/en/Microsoft.LanguagePackManagement.Powershell.Commands.Resources.dll
- Size
  
  4KB
- MD5
  
  96387a2aca9d7a2f5d0b82512da9610b
- SHA1
  
  994859ea04c00ad1fea6ecf816349f1e528c34fd
- SHA256
  
  78b48ea51625a03507b0787a6d1ee14caa7d5627e06ca849ddac86a5cf68d38c
- SHA512
  
  090344f10ff642a407a43796559f6b122e7aea9ca465ef76c226930e76b9b36351f0d3eeafac2aea189e94e1cb112c37c8fab3dff12bc947efcaa25c3b7fc577
- SSDEEP
  
  48:6hdH2FwFDyvoxhNcd+6xNsXWSCesS7P6IorbToZWSVu0hgKG0hgc5Wqg:8W2x6oTN/66Zs7Io7kW50hBG0h9W
Score

1^/10
behavioral24 behavioral25
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Archive/Microsoft.PowerShell.Archive.psm1
- Size
  
  106KB
- MD5
  
  87c1bca57167d446370e3a2170410f8c
- SHA1
  
  54011fbaefffa08dc2519ef69d2857ea1fff86be
- SHA256
  
  44e8d903bc6e6dff25a6ea8f03540bf1ad8a0cd333604c17949c44cf4715f884
- SHA512
  
  62bfde59f67652deec9ac4f5e3aa071bd1ca296e0b506258aec134153411bf42d21b952f7491f08e41876fd3e18328dedb944fda5d1a34e1bded8738d46685c3
- SSDEEP
  
  768:kBFK8V1yDC5rYJik/3/JNjb61spThgv0g8F0Dur9xrGgzRV4Q+8W5en6LDK5vNWZ:koOOHTF74Qg5oRw
Score

1^/10
behavioral26 behavioral27
- Target
  
  WindowsPowerShell/v1.0/Modules/NetEventPacketCapture/MSFT_NetEventNetworkAdapter.format.ps1xml
- Size
  
  2KB
- MD5
  
  b03b2db693a0f8672c5e009fadb603cb
- SHA1
  
  a477683a6a4e3c6356d4e6d8a336c194d672458b
- SHA256
  
  6acfca4a288af9ec206f32cecead339d90fff94e16ce5957220962f3c83d64ec
- SHA512
  
  64112103a80ef91264f427d1027a4072cc83d815f692e8ad1a132fe4ccb92e38bcf5f875c1bcbe27f902d8eb69ee97af442d86f0c26ae5a1fdfc3bcb414fe242
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral28 behavioral29
- Target
  
  WindowsPowerShell/v1.0/Modules/NetEventPacketCapture/MSFT_NetEventPacketCaptureProvider.format.ps1xml
- Size
  
  5KB
- MD5
  
  906b713599d6e8e21ab96765873375e9
- SHA1
  
  b97260e1bd73a540094993257ed9c6ac5b37e6a0
- SHA256
  
  2d57220046856b8a8df9a687ffd13f8b89c9d8e0edaabd0bba96c2e9159849c4
- SHA512
  
  24c9e411bda020c25e80a13fce3a162d5e57f6226092ce53d536011ea6f3766b373a8867c53e827d45ccf309dcafbda646546683e299b432bee6da06ad97bafc
- SSDEEP
  
  24:JdJlhPRlEPTxnuIkTVBvxlnJPRlE9BBBBBBBBBBBBIRpnWIEjVpbU:3Jlh5lexnHkpB5lJ5lRpnPEZp4
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral30 behavioral31
- Target
  
  WindowsPowerShell/v1.0/Modules/NetEventPacketCapture/MSFT_NetEventProvider.format.ps1xml
- Size
  
  2KB
- MD5
  
  29eed17b7003653bc50f6125efe2c7b9
- SHA1
  
  790ed252508bb1d3a4a2f411c7d742064d121272
- SHA256
  
  3ecbd7b91d15b6c612498ecb6603bae4962338371e9ad830732271b396973a72
- SHA512
  
  28d9c42ed155a89dddd0617d95ea486b635710c100e547f9b8cb57d09e7a580a54163fafa5a538542353e46af2f6dce7a9441d162ec4c2db8871c193ddaabf76
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32