General
Target: eset_internet_security_live_installer (2).exe
Size: 8.6MB
Sample: 240419-x2ck2sdb75
MD5: c4ee2b1993df696e70468d49c9e3544f
SHA1: 247516ef16c62d7a6294225818855846d2ad4311
SHA256: c9fbdbe295780bf6a97731418a8f40affac055f397597d6f0019ce3c121786c9
SHA512: 8ac7c37fa26b565fc1be43d6976401fbf9db7cf49006d17a794a9c2da3c5a43d751981c3496a032e29631315a39646746ad58e573a851331e6854abeb16861a8
SSDEEP: 196608:9mFgFE9vSMWU3wmIAEJVY8yJo20px+w711:9mFgF1mIXVYd22Mx+U
Static task: static1
Behavioral task: behavioral1
Sample: eset_internet_security_live_installer (2).exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
Path: C:\Users\Admin\Desktop\@Please_Read_Me@.txt
Family: wannacry
Wallet: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
Target: eset_internet_security_live_installer (2).exe
Score: 10/10
- Suspicious use of NtCreateProcessExOtherParentProcess
- Drops startup file
- Modifies file permissions
- Adds Run key to start application
- Checks for any installed AV software in registry
- Legitimate hosting services abused for malware hosting/C2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Sets desktop wallpaper using registry
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Indicator Removal (1)
  - File Deletion (1)
- File and Directory Permissions Modification (1)
- Modify Registry (3)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)