55cdc3f5be871fe96b329c880c34fd49cf4644016caf78976d19371510ab2dc1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tpmbypass.exe
Size

14.1MB
Sample

240421-pdhhdsbd4w
MD5

1244e36c5396962162b350164af442ea
SHA1

282e4a7430ffa621b6ce1eeb8df563d93f414fbd
SHA256

55cdc3f5be871fe96b329c880c34fd49cf4644016caf78976d19371510ab2dc1
SHA512

cbdfdd205a2f7f4931ef3d81bc50ec4d21d201e8c14769cee9c1c310f0c4833817b47d0470c11f4030adac91cbb9185afa6f5df788cc5220219aab427554c3ff
SSDEEP

393216:PvO1tr5xkrCSbuz8eFc8RKgwDH1O/UEqul:PmnDlsuQ8sgwDHwz

Score

6^/10

Malware Config

Targets

- Target
  
  tpmbypass.exe
- Size
  
  14.1MB
- MD5
  
  1244e36c5396962162b350164af442ea
- SHA1
  
  282e4a7430ffa621b6ce1eeb8df563d93f414fbd
- SHA256
  
  55cdc3f5be871fe96b329c880c34fd49cf4644016caf78976d19371510ab2dc1
- SHA512
  
  cbdfdd205a2f7f4931ef3d81bc50ec4d21d201e8c14769cee9c1c310f0c4833817b47d0470c11f4030adac91cbb9185afa6f5df788cc5220219aab427554c3ff
- SSDEEP
  
  393216:PvO1tr5xkrCSbuz8eFc8RKgwDH1O/UEqul:PmnDlsuQ8sgwDHwz
Score

6^/10
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1