Overview

overview

8

Static

static

3

MicrosoftE...er.exe

windows10-1703-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MicrosoftEdgeUpdater.exe

  • Size

    2.7MB

  • Sample

    240528-v1626adc5s

  • MD5

    19c095e1c399bdaa0663caa9162f0b0e

  • SHA1

    cb5504712ec965f7c43883f2f251823755b1e37e

  • SHA256

    38edfd7aa66f3ae1f376b9cdce558befd877d749e38306f412e8db436cb56713

  • SHA512

    a2a8e9e5140d7b306ba98d3674aa89b3e287cdf39bcf4b326148d963c38052fc65e99a17c0bf846150d71ff3efbd2c9d4b61b4c2d5847f8c9afa222af4c946d9

  • SSDEEP

    49152:9fYIxVYU98IqK6VW6tE1ZWD4Zs52YeycKk4BVhGJneLriO:VYIxVZ98I71/ZsQIcKDoYr

Score
8/10
evasionexecutionpersistence

Malware Config

Targets

    • Target

      MicrosoftEdgeUpdater.exe

    • Size

      2.7MB

    • MD5

      19c095e1c399bdaa0663caa9162f0b0e

    • SHA1

      cb5504712ec965f7c43883f2f251823755b1e37e

    • SHA256

      38edfd7aa66f3ae1f376b9cdce558befd877d749e38306f412e8db436cb56713

    • SHA512

      a2a8e9e5140d7b306ba98d3674aa89b3e287cdf39bcf4b326148d963c38052fc65e99a17c0bf846150d71ff3efbd2c9d4b61b4c2d5847f8c9afa222af4c946d9

    • SSDEEP

      49152:9fYIxVYU98IqK6VW6tE1ZWD4Zs52YeycKk4BVhGJneLriO:VYIxVZ98I71/ZsQIcKDoYr

    Score
    8/10
    evasionexecutionpersistence

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Creates new service(s)

      persistenceexecution

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks