General
Target: Pindanoten.docx
Size: 16KB
Sample: 240503-kp6xxada58
MD5: e31f66b3181378d484e6c915285f2096
SHA1: 640043b5ef2d2e698257d68b222fad7ea122a0f9
SHA256: c9d77a8375af041f4dfa0ac1dfeef5dbea6dc98772fe2c2386f2281da26cc7c7
SHA512: 336f02c763cedafa47116fba2e8c49c62a4f6f1b008378d233d2457eff13df2f42c4d5baf6c153a5830a6e48c94006570861db710a4efcb02a3c729c15b8c09c
SSDEEP: 384:dthz+09s3LGqiCIQuog46c7OMHhHML8DejstL4KvIvK:toLbibQuk7OMNNXtB
Static task: static1
Behavioral task: behavioral1
Sample: Pindanoten.docx
Resource: win11-20240419-en
Malware Config
Targets
Score: 8/10
- Modifies Installed Components in the registry
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry: system information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
Defense Evasion
- Modify Registry (3)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)