8cad66adb36b1f4f64204a4328a063ae33695dbbd5386f761cfb56c2c0987471 | Triage

Sharing

General

Target

MicrosoftProgram_Install_and_Uninstall.meta.diagcab
Size

218KB
Sample

240612-x468fa1arl
MD5

7421b66d5262513da783747c831df792
SHA1

06ffc487a37374b15e81b4d272f78f2b574cc765
SHA256

8cad66adb36b1f4f64204a4328a063ae33695dbbd5386f761cfb56c2c0987471
SHA512

15f75477e7aa6a80eb26aadfc2d9741989a1ee8f359f7b6ddd229ea3b166f17acdfd0358b92c618de82c1d8d28854d114f46b249ead412ae3da0d82c719b85d1
SSDEEP

6144:B2CHE7b1ABl947ylLipv6jAoLmLbvzSqz9f:BbE/6K762pviSLTzv

Score

4^/10

execution

Malware Config

Targets

- Target
  
  CL_Win8Helper.ps1
- Size
  
  11KB
- MD5
  
  e7a665b03533dacfb4f3df3d8efe01c1
- SHA1
  
  8c1aa0ea2447fb6c319a1251032b3f90f1db2fdf
- SHA256
  
  1a1505f948eb08624a4a7380ca25ef18654b5c0a15df9988209f70e958f5337b
- SHA512
  
  294dd1b62bc9d6d1b01c6fbfc27864b0e45c1cdb4cfea6cc109490b9874420f66ad15afdf988af870926631952439a2faae608db3e97744b21d464fc4cc57189
- SSDEEP
  
  192:oK5+re5p31lwtRZizkYeOcJlQwHx7cprxi8RZkeuYT1bLKRoguwCsXsoz+ppjGk6:J9AtizkY2JSU7Mrw8Rme/T1bOw7gs3zG
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  DiagPackage.dll
- Size
  
  2KB
- MD5
  
  0ae02945834e3a8be734dee01ab879d9
- SHA1
  
  39a55df41bf82bbb08a4544295faf3ced62d11ca
- SHA256
  
  be2f0bac4a5ae87af8f6bab5875c0977792ee5ca5959a96181c146976b671fd2
- SHA512
  
  22a5568c37bfbb373702eed748218e5eaf411f2ffedbdf535316c6ca20cddb57761b0b71eb36a9e133993dd89faa9c43659419d79d9f9d328d85800e4bf7518b
Score

1^/10
behavioral3 behavioral4
- Target
  
  MF_WindowsInstaller.ps1
- Size
  
  11KB
- MD5
  
  266c4c475454ab9d7f6e9be97bb60964
- SHA1
  
  76e74e4930a436ed7158078be0b9fc8c8e8e0a71
- SHA256
  
  c79377a9a222fbd6578c7c1129b4f1e751f4b556ff0b751483d2b7b7ef82b268
- SHA512
  
  7fe007c7407daa72900be1a284d58f740ef4963c65649b856653040ac3fa8fc401ad2e4f2b0795656e40a895cec198c44549e07e39725692d49e9136e40aa272
- SSDEEP
  
  192:jd0/OrwjHUIy0DvUizkYeOcJlQwHx7cprxi8RZkeuYT1bLKRoguwCsXsoz+ppjGR:jyWrwoAQizkY2JSU7Mrw8Rme/T1bOw7Y
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  MSIMATSFN.ps1
- Size
  
  88KB
- MD5
  
  653ae832268cc19c84817d86e4a976b5
- SHA1
  
  e278fbf01b65c6d73fd9f19a787b3cf50a5a7d3b
- SHA256
  
  c8e366db1f77b7efa57e4b9c4db6e4ad1c82c7429d33944ad3f717d0731d7e53
- SHA512
  
  a85ad177b99f2a9835a418a965584e346b36b3a1fec0bfe565ea2670c92f69b623213fed92dc082f149942c75bdec64935dd9a448d8a74f9df8f5bb39be70801
- SSDEEP
  
  1536:VNzJiCPnUfTxgrSBVmUerHC+SDUJJ/aA9jKx4W/pF9/9VF:VNzJsVmUergUJJ/aAxKx4Kz9lVF
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  RS_MissingPatchCache.ps1
- Size
  
  11KB
- MD5
  
  09343a5f4abec165faef3f574d4dde03
- SHA1
  
  1bd223b390e8f10a7859cd093ffa028b4f484ff3
- SHA256
  
  e56c4a6e00d206c88399257ee93f20a9862dd52eceeb5c8a627509c274516b54
- SHA512
  
  8bd1cf13d7ce0a6e534aedca328019cd97e83e78094f92e3df4eeab76dddce85868d487e21a419bf0dc1659c9a6e7e0a38a2f8a9b0f1ceff3d64639192fec36d
- SSDEEP
  
  192:jd0/OrwjHUlsYuD9kYGIdRQwHx7cprxi8RZkeuYT1bLKRoguwCsXsoz+ppjGAw7b:jyWrwoK9kYTYU7Mrw8Rme/T1bOw7gs3k
Score

4^/10

execution
behavioral10 behavioral9
- Target
  
  RS_RapidProductRemoval.ps1
- Size
  
  13KB
- MD5
  
  ccf5400a91c0d3c5912eecf966f468c2
- SHA1
  
  1888420720ddb379d801892b3a1a6df7a9a551ee
- SHA256
  
  90d1e1c152fa5a52c02f7b256bf00220e5e61c25748472fe9ab5b73b37337e86
- SHA512
  
  6eaaa99b170758e5fd27812217dfe7d0a9cdf057191d73f3b8cb95c9168041d07f76af0b98a794386f960c5c03ad6d1347e462dc3188ad3b8e866ec2219ac2e8
- SSDEEP
  
  384:jyWrwoJizkY2JSU7Mrw8Rme/T1bOw7gs3zW+L0gxqC:jyWVizP20IMUmme/T16wEF+A8qC
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  RS_Wow64Detect.ps1
- Size
  
  10KB
- MD5
  
  4d50f1bd2c0171a9ecae29c5f81abd8e
- SHA1
  
  c00e6f06343dbf31c907190e8fc1ab0998e4fb3d
- SHA256
  
  1e41f88756ef5f354f3cfa8a793e34b324d30a109f65efa93af2f9830a3ad530
- SHA512
  
  72d8e47d2e7d5034f33abb9be3a7ca7683b7dce9578093d61b51ac6b870da4a45f24df1d618340997c954c0c4dbee9af5bf186dd23ae365abf52dad86182941b
- SSDEEP
  
  192:jd0/OrwjHUymNHgkYFQwHx7cprxi8RZkeuYT1bLKRoguwCsXsoz+ppjGLww+JIOK:jyWrwo/NAkYyU7Mrw8Rme/T1bOw7gs3O
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  TS_MissingPatchCache.ps1
- Size
  
  11KB
- MD5
  
  1c3130b9ab767b08ea09fc1cc97de844
- SHA1
  
  5ca449dcae2d457b4d1b0f2f317c03c753ef264a
- SHA256
  
  7fdefec9551db1f40a54d397c441bc4e5505eb8401aae148e90437ece414b296
- SHA512
  
  df7b89d330ba0e21b57032fd646ba14eef81f0afb2f1bcfbbbd4cd0990e2081495017fdcf2b89e63bb35bfb9a78e6ac52436537b0b7d6bca775722dede362cce
- SSDEEP
  
  192:jd0/OrwjHUDr5THgkYFQwHx7cprxi8RZkeuYT1bLKRoguwCsXsoz+ppjGAwThhj5:jyWrwodAkYyU7Mrw8Rme/T1bOw7gs3za
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  TS_RapidProductRemoval.ps1
- Size
  
  17KB
- MD5
  
  b992b782ea363cce60a811d959c00f4f
- SHA1
  
  38326e5bd52a413777c5bfd917b81e91b73dc3d5
- SHA256
  
  540544802506667b3af961d01a153117229273c1513b157fa2e53390ab298ec5
- SHA512
  
  0fd6c8fdd1c32439a6a416ee855e7bcd72927860d1bcb17c56730986b79e1b83f43ea2f5f321a92f7111afbfc67598405bc47b0b44c56044e27bf778ab90bce4
- SSDEEP
  
  384:jyWrwowLKL5F0MAXWnc6FXLoUtAkYyU7Mrw8Rme/T1bOw7gs3zWCL4kXf:jyW0LKLMOXAPyIMUmme/T16wEFCHf
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  TS_Wow64Detect.ps1
- Size
  
  10KB
- MD5
  
  752fc0f7f2e8f51c3dd7eb4ec326851e
- SHA1
  
  ae601e9c3be79ef83c9acd8e3f475993aae7ea52
- SHA256
  
  3cf9d09cfed81ced96b3e74638ae908b9df2cd6da5ed94be859fc523f8f0c57f
- SHA512
  
  65f1b5a8280e3f46deae300240dcb2addac8479fb846185b13f5b15abcfb7b5a243e910218a7d1f1cfbed0d6d7d21be3a73f480f9686f7e2a98dd9229d777d11
- SSDEEP
  
  192:jd0/OrwjHUX0DOEZizkYeOcJlQwHx7cprxi8RZkeuYT1bLKRoguwCsXsoz+ppjG6:jyWrwoX0zizkY2JSU7Mrw8Rme/T1bOwT
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  VF_RapidProductRemoval.ps1
- Size
  
  11KB
- MD5
  
  0584e18ffd7fa1a59b7e27e35ade1231
- SHA1
  
  1dbc15e8772233ae8bb31ef08d4237fbd88e88d8
- SHA256
  
  f993319dc562e42b54d3081d8d6107b052a0630777cf0f650380345c293c44fa
- SHA512
  
  a98530572a21d0322bff722385536e382e59af89b90a8747bc081e21dc74e127294998f5af3f0e9d0cc563d1d701f35c152e132fa6d065e4eba5d727a041c9ad
- SSDEEP
  
  192:jd0/OrwjHUEu5YuD9kYGIdRQwHx7cprxi8RZkeuYT1bLKRoguwCsXsoz+ppjGBwx:jyWrwoJ9kYTYU7Mrw8Rme/T1bOw7gs3B
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  Win8GlobalDetector.ps1
- Size
  
  9KB
- MD5
  
  b91c765f07e2857eb91024c92e10f873
- SHA1
  
  941f470df82b05c6656cc44ad24303c4920702c0
- SHA256
  
  4114c01eeb71d9d7e7d9466e26ee5f22099c3ebf251ad6c74cdc1fe8fbe7beb6
- SHA512
  
  29a39ef8f5b2379f1abca6eaefc17b126d7dbb0e2de0a5943f773127e0340df89b2b22c4ee0e91c2600bff8aca4b6749370cb768d1683ef5fad3ba6925162ae6
- SSDEEP
  
  192:3MHgkYFQwHx7cprxi8RZkeuYT1bLKRoguwCsXsoz+ppjGUwYJ8/w:cAkYyU7Mrw8Rme/T1bOw7gs3znvJ8/w
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Win8Library.ps1
- Size
  
  10KB
- MD5
  
  779a985254fca2e22516c491c27a1967
- SHA1
  
  ce8e1b8386fa90517e8c7da2332d83e76a44814e
- SHA256
  
  fc240d49f3d6c2e6ca087c3ca17d5de347239ffdf0a256587c74ce1d294bc531
- SHA512
  
  7a694f29a2f86def8eadd90491e5022f14c94a8985bb46a8448c6f2b3a4e7c8f9529edc2848b1c946fae88f876ed13347f5cb797ec1cd6556277004c98c9e023
- SSDEEP
  
  192:qYA3vhHgkYFQwHx7cprxi8RZkeuYT1bLKRoguwCsXsoz+ppjGtwTFwDB3z:qrZAkYyU7Mrw8Rme/T1bOw7gs3zueiV
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  Win8RC.RS.ps1
- Size
  
  10KB
- MD5
  
  3054b831be9592ac9d0e143e1c513ed7
- SHA1
  
  6b0df28d486b93c6cebddd2229dec064d79929d7
- SHA256
  
  873cdef0cf7dcd6aa8111fc43e18c9389b57c4a7d84234babfc6453410e89a23
- SHA512
  
  b30cd9d2ee974abe5bb55f9919af7772c988353ca32fc3580e464d8a3b41c66ae31181907c59364f2bb930958fe76989f081880a69433c6ee063042f75109ed3
- SSDEEP
  
  192:85JlHgkYFQwHx7cprxi8RZkeuYT1bLKRoguwCsXsoz+ppjGLwoNYnlp:IAkYyU7Mrw8Rme/T1bOw7gs3zsjNYlp
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  Win8RC.TS.ps1
- Size
  
  10KB
- MD5
  
  a14f7f9e86dbc28f71217b6198886939
- SHA1
  
  4b713384465aec3adb2aee528bdac667c33fe4d2
- SHA256
  
  175733a2fddefbfa0afa4749ccde1e959e212bb45ff4d31b736fe1aa962cae70
- SHA512
  
  779bd5277abe412d17201864d2e174a204ad1889f2140a3085d9d0727a4727b2881ed4546c43086c0a7d130a105a52d1312dc7608eebe8dbc99905c371fa05e8
- SSDEEP
  
  192:DETyaHgkYFQwHx7cprxi8RZkeuYT1bLKRoguwCsXsoz+ppjGLwZ1yNcD2:idAkYyU7Mrw8Rme/T1bOw7gs3zsa1Xq
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Win8RC.VF.ps1
- Size
  
  10KB
- MD5
  
  378e5f0a90ab090db58fbe19994db9f2
- SHA1
  
  db95bfbc0621867b38d5b16f17b7ca5e1de8ba5e
- SHA256
  
  6530692142bfbb012fb30f66cec8868fddb66d7431db55680de6f2c1f262dcca
- SHA512
  
  e5c0b665fc5a7fc97d2522ecdb25330bcddaf859c695d3dafaff516770fc317898886c2e0fc96e38ecd1ee439f96441d615399a57610ecddb0820a581e4c4967
- SSDEEP
  
  192:bsHgkYFQwHx7cprxi8RZkeuYT1bLKRoguwCsXsoz+ppjGLwPWlmIwMu:QAkYyU7Mrw8Rme/T1bOw7gs3zsAWlmOu
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32