General
Target: c88dbfa8510ba03e204e2458434be95cb232f34a0b530a299ba6fdecd3c39820.exe
Size: 5.3MB
Sample: 240604-caq9xaaa56
MD5: 3974c5d0b92366bbc9af950c8d7f898d
SHA1: 1b141b9cced64d1b86cd9d3460062ee7ecd34357
SHA256: c88dbfa8510ba03e204e2458434be95cb232f34a0b530a299ba6fdecd3c39820
SHA512: 6b786fcf6ad40c3f8007e55242db7794f640177f3394a49a3ac9dc3b6cf3588eefe8e3db8ed21d9fcc3962de50d48c6c28867ab92a7da324389e19b9642170fa
SSDEEP: 98304:6dabsLaGmmo105PwezFkinGRvGmWxsEI9KHkfK7JwzlHhvSasMwpHNr:6E1m1iiEuf9WN6Qm5
Static task: static1

Behavioral task: behavioral1
Sample: c88dbfa8510ba03e204e2458434be95cb232f34a0b530a299ba6fdecd3c39820.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: c88dbfa8510ba03e204e2458434be95cb232f34a0b530a299ba6fdecd3c39820.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: c88dbfa8510ba03e204e2458434be95cb232f34a0b530a299ba6fdecd3c39820.exe
Score: 10/10

Signatures:
- Modifies security service
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Drops file in Drivers directory
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1): PowerShell (1)
- System Services (2): Service Execution (2)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (3): Windows Service (3)