General
Target: PreSetup 2.exe
Size: 226KB
Sample: 240420-m3lj8sfd9w
MD5: 13f52b5eb6d4ca2fa9b6bcb6a706f80a
SHA1: c032838e55f598ef2b2de9d26d056e5a2bfcc08e
SHA256: 0fe3174a9efe12d1c80a1c41df2a0df4e24b34e4aabb7c8e3c8dbc323046ea0e
SHA512: a6c4b1c5f108af3971924a958cb1e5d1010b1da10d3c183fbe550e551efd583152ccc7505b0580cd4f866552af8a51eeb080e1181d4bfb53f28a0a7700ef3c42
SSDEEP: 3072:FDFfHgTWmCRkGbKGLeNTBfNOwitsxAC+CzIlzFlg:x5aWbksiNTB1OwLxXMlBlg
Static task: static1
Behavioral task: behavioral1 (sample: PreSetup 2.exe; resource: win7-20240221-en)
Behavioral task: behavioral2 (sample: PreSetup 2.exe; resource: win10v2004-20240412-en)
Malware Config
(none listed)

Targets
Target: PreSetup 2.exe
Size: 226KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General
Score: 10/10

Signatures
Modifies firewall policy service
Modifies boot configuration data using bcdedit
Modifies Windows Firewall
Possible privilege escalation attempt
Registers new Print Monitor
Sets file execution options in registry (Image File Execution Options)
Stops running service(s)
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Registers COM server for autorun
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Sets desktop wallpaper using registry
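Added example, not part of the sandbox report and not the sandbox's own detection logic: a small Python matcher that maps registry-write and process-creation records, of the kind Sysmon Event ID 13 and Event ID 1 produce, to the signature names listed above. The registry paths and command lines in the sample events are constructed to illustrate what each signature name refers to; the report gives no actual paths or command lines for PreSetup 2.exe, so none of the values below should be read as this sample's observed behaviour.

```python
"""Map constructed Windows telemetry records to sandbox signature names.

Added example. The events in SAMPLE_EVENTS are constructed (assumption:
they are NOT telemetry from PreSetup 2.exe); they only show the type of
registry write or process launch each signature name describes.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Event:
    kind: str          # "registry" (value set/read) or "process" (process creation)
    op: str = ""       # for registry events: "set" or "read"
    path: str = ""     # registry value path
    data: str = ""     # registry value data
    cmdline: str = ""  # for process events: full command line


# Well-known persistence / tamper locations, matched case-insensitively.
REGISTRY_RULES = [
    ("Sets file execution options in registry",
     re.compile(r"\\Image File Execution Options\\[^\\]+\\(Debugger|GlobalFlag)$", re.I)),
    ("Registers new Print Monitor",
     re.compile(r"\\Control\\Print\\Monitors\\[^\\]+\\Driver$", re.I)),
    ("Modifies firewall policy service",
     re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)),
    ("Registers COM server for autorun",
     re.compile(r"\\CLSID\\\{[0-9A-Fa-f-]+\}\\(InprocServer32|LocalServer32)", re.I)),
    ("Boot or Logon Autostart Execution: Registry Run Keys",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("Maps connected drives based on registry",
     re.compile(r"\\Services\\Disk\\Enum\\", re.I)),
    ("Sets desktop wallpaper using registry",
     re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.I)),
]

# Command-line patterns for the process-based signatures.
PROCESS_RULES = [
    ("Modifies boot configuration data using bcdedit",
     re.compile(r"\bbcdedit(\.exe)?\b.*\s/set\b", re.I)),
    ("Modifies Windows Firewall",
     re.compile(r"\bnetsh(\.exe)?\b.*\badvfirewall\b", re.I)),
    ("Stops running service(s)",
     re.compile(r"\b(sc|net)(\.exe)?\s+stop\b", re.I)),
    ("Modifies file permissions",
     re.compile(r"\b(icacls|cacls|takeown)(\.exe)?\b", re.I)),
]

# Constructed sample telemetry (assumption: illustrative only, not from the sample).
SAMPLE_EVENTS = [
    Event("registry", "set", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger", r"C:\ProgramData\svc.exe"),
    Event("registry", "set", r"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port Plus\Driver", "mon.dll"),
    Event("registry", "set", r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall", "0"),
    Event("registry", "set", r"HKCU\Software\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32", r"C:\Users\Public\loader.dll"),
    Event("registry", "set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater", r"C:\Users\Public\loader.exe"),
    Event("registry", "read", r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0"),
    Event("registry", "set", r"HKCU\Control Panel\Desktop\Wallpaper", r"C:\Users\Public\note.bmp"),
    Event("process", cmdline="bcdedit.exe /set {default} recoveryenabled no"),
    Event("process", cmdline="netsh.exe advfirewall set allprofiles state off"),
    Event("process", cmdline="net.exe stop wscsvc"),
    Event("process", cmdline='icacls.exe "C:\\Users\\Public\\loader.exe" /deny Everyone:(D,WDAC)'),
    Event("process", cmdline="notepad.exe readme.txt"),  # benign control: matches nothing
]


def match_event(ev: Event) -> list[str]:
    """Return the signature names whose pattern matches this single event."""
    if ev.kind == "registry":
        return [name for name, rx in REGISTRY_RULES if rx.search(ev.path)]
    return [name for name, rx in PROCESS_RULES if rx.search(ev.cmdline)]


def summarize(events: list[Event]) -> dict[str, int]:
    """Count matching events per signature name across a telemetry batch."""
    counts: dict[str, int] = {}
    for ev in events:
        for name in match_event(ev):
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for name, n in sorted(summarize(SAMPLE_EVENTS).items()):
        print(f"{n:2d}  {name}")
```

The rules are deliberately anchored on the registry subkeys rather than on value data, because the paths are what a defender can reliably key on: a Debugger value under Image File Execution Options, a Driver value under Print\Monitors, or an InprocServer32 path under a fresh CLSID are rarely written by legitimate software outside of installers. Reads of Services\Disk\Enum are not captured by Sysmon's registry events, so that rule only fires if the telemetry source records registry queries.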
MITRE ATT&CK Matrix (ATT&CK v13; the number after each entry is the count of signatures mapped to it)

Persistence
  Create or Modify System Process: 3
    Windows Service: 3
  Boot or Logon Autostart Execution: 3
    Registry Run Keys / Startup Folder: 3

Privilege Escalation
  Create or Modify System Process: 3
    Windows Service: 3
  Boot or Logon Autostart Execution: 3
    Registry Run Keys / Startup Folder: 3

Defense Evasion
  Modify Registry: 4
  Impair Defenses: 2
    Disable or Modify System Firewall: 1
  File and Directory Permissions Modification: 1