General

  • Target

    ethernet enhancer.exe

  • Size

    4.5MB

  • Sample

    240530-d29q1ach4s

  • MD5

    482a8ea032b636c0f52b12ebbed133fc

  • SHA1

    ecea8a4c35bdbe4ec417f8899e11eb30f096b1b4

  • SHA256

    5854d49d2e7a340408b0c0c3ad6e227d73ee27da34feebe3633a5c03faaf78e6

  • SHA512

    f8320ee82b5df269ec052a8d3820bc5b03076304535ae687db8be544cf0f136cd497e045ad91256b167aa3e93ec2087f3749c01e68add8babd78825acb91707a

  • SSDEEP

    49152:bFvBmt6/5y3bZ1RhdoI4Sa9QWFdy32ZjO8HpK2t6xlW4Br0ZsUpowmdOeyV/3u3H:BvBmQxI2O32w2tjes/3ua

Score
10/10

Malware Config

Targets

    • Target

      ethernet enhancer.exe

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
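
The PowerShell signature above is the first thing to check on a host that ran this sample, since exclusions outlive the process that added them. The following is an added example and not part of the Triage report or of the sample's own code: an elevated PowerShell audit that lists the current Defender exclusions, flags path exclusions under user-writable directories, and pulls the Script Block Logging (event 4104) and Defender configuration-change (event 5007) records that show who added them. The 24-hour lookback and the directory hints used to call a path suspicious are illustrative assumptions; the 4104 part assumes Script Block Logging is enabled.

```powershell
# Added example: audit a host for the Defender-exclusion behaviour the report's
# PowerShell signature describes (ATT&CK T1562.001, Impair Defenses).
# Assumptions: run as Administrator on the suspect host; PowerShell Script Block
# Logging is on (for event 4104); the lookback window and the directory hints
# used to call a path "suspicious" are illustrative choices, not from the report.
param([int]$LookbackHours = 24)

$since = (Get-Date).AddHours(-$LookbackHours)

# 1. Current exclusion state. Get-MpPreference exposes the three lists the
#    signature names: paths, file extensions and process names.
$pref = Get-MpPreference
$current = [ordered]@{
    Paths      = @($pref.ExclusionPath      | Where-Object { $_ })
    Extensions = @($pref.ExclusionExtension | Where-Object { $_ })
    Processes  = @($pref.ExclusionProcess   | Where-Object { $_ })
}
'--- Current Defender exclusions ---'
foreach ($entry in $current.GetEnumerator()) {
    '{0,-10}: {1}' -f $entry.Key, ($entry.Value -join ', ')
}

# Malware usually excludes the directory it dropped into, so exclusions under
# user-writable locations deserve a closer look (assumed hint list).
$userWritableHints = @('\AppData\', '\Temp\', '\Users\Public\', '\ProgramData\', '\Downloads\')
foreach ($path in $current.Paths) {
    foreach ($hint in $userWritableHints) {
        if ($path -like "*$hint*") { "SUSPICIOUS path exclusion: $path"; break }
    }
}

# 2. The call itself. Script Block Logging (event 4104) records the de-obfuscated
#    script text, so Add-MpPreference / Set-MpPreference with an -Exclusion*
#    parameter shows up here even if the launcher on disk was encoded.
$exclusionCall = 'MpPreference\b[^\r\n]*-Exclusion(Path|Extension|Process)'
'--- Event 4104 script blocks that set exclusions (last {0}h) ---' -f $LookbackHours
Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[2].Value -match $exclusionCall } |
    ForEach-Object {
        # Properties[2] is the ScriptBlockText field of a 4104 event.
        $text = ($_.Properties[2].Value -replace '\s+', ' ').Trim()
        if ($text.Length -gt 200) { $text = $text.Substring(0, 200) + ' ...' }
        [pscustomobject]@{ Time = $_.TimeCreated; Script = $text }
    } | Format-Table -AutoSize -Wrap

# 3. Defender's own record. Event 5007 is written for every configuration
#    change and quotes the registry value under ...\Windows Defender\Exclusions\
#    that was modified, so it survives even where PowerShell logging is off.
'--- Event 5007 configuration changes touching exclusions ---'
Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5007
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\\Exclusions\\' } |
    Select-Object TimeCreated, @{ n = 'Change'; e = { ($_.Message -replace '\s+', ' ').Trim() } } |
    Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt on the affected host (`.\Audit-DefenderExclusions.ps1 -LookbackHours 72`, file name assumed). Long scripts are split across several 4104 events, so a match in one fragment may need its siblings (same ScriptBlockId) pulled to see the full command; the 5007 check has no such limitation and is the more reliable of the two when Script Block Logging was never turned on.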

MITRE ATT&CK Enterprise v15

Tasks