99f690503d8e968e7b9576e1b835d7274c5c93e12b473b78df844fbe81cf3352 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Nessus-10.7.2-x64.msi

windows7-x64

6

Nessus-10.7.2-x64.msi

windows10-2004-x64

8

Sharing

General

Target

Nessus-10.7.2-x64.msi
Size

100.4MB
Sample

240523-aqb4taeg54
MD5

1f37134300996d73b90e303ed43015b0
SHA1

76902f797742ba3737c98227bde0d6d17041d4ec
SHA256

99f690503d8e968e7b9576e1b835d7274c5c93e12b473b78df844fbe81cf3352
SHA512

aabfada28cc0ef764c800c207d9d03ada7c7e8eec543ebea653c1f999c052a4e02142c18419e446a432fe68010f3cb6855f3df3356f8202a71243eebac7060e0
SSDEEP

1572864:wmptsYXW8boLwo9N9l+uPhsw1OFe2h+ZdhwBasWvEghI3yuLsa2Phzsu8oGK++h:aYm8b8GJWO4JdhwBasWrhIRLsf4u8K

Score

8^/10

discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

Nessus-10.7.2-x64.msi

Resource

win7-20240221-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Nessus-10.7.2-x64.msi

Resource

win10v2004-20240426-en

discovery execution

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  Nessus-10.7.2-x64.msi
- Size
  
  100.4MB
- MD5
  
  1f37134300996d73b90e303ed43015b0
- SHA1
  
  76902f797742ba3737c98227bde0d6d17041d4ec
- SHA256
  
  99f690503d8e968e7b9576e1b835d7274c5c93e12b473b78df844fbe81cf3352
- SHA512
  
  aabfada28cc0ef764c800c207d9d03ada7c7e8eec543ebea653c1f999c052a4e02142c18419e446a432fe68010f3cb6855f3df3356f8202a71243eebac7060e0
- SSDEEP
  
  1572864:wmptsYXW8boLwo9N9l+uPhsw1OFe2h+ZdhwBasWvEghI3yuLsa2Phzsu8oGK++h:aYm8b8GJWO4JdhwBasWrhIRLsf4u8K
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Modifies file permissions
  discovery
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discoveryexecution

© 2018-2024

Terms | Privacy