General

  • Target

    Setup.Microsoft.PowerAutomate.exe

  • Size

    307.9MB

  • Sample

    240424-w5l38afa5x

  • MD5

    46197235b9bc499356208f91bd7805fe

  • SHA1

    d097de8f6cce0676abd61ce58524930dfc3c1573

  • SHA256

    d5263f305fa9848d37981b613e26bd0574001d06fe001b5940631dd6aab571de

  • SHA512

    b8ae9e7a37323bf0efc9144d4b6c58fa7902875da28f08018ba27961c24cc91096b06adfeaa5e9d561198003b39f39527b2ebdb487e8c10f3946ead1d28db9ee

  • SSDEEP

    6291456:F8Exp/3cVyzTRig27WSQcLH/zp3bZSqeHVLNTwrgGzjaB3E/QF9hidoK:mExp/3cVyzTeQcLfzpcur/c9hz

Malware Config

Targets

    • Modifies RDP port number used by Windows

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks