General

  • Target

    TEST.exe

  • Size

    923KB

  • Sample

    240612-xj7cpszcpp

  • MD5

    52cb2534c86efc9bffc5d3ad08efe166

  • SHA1

    d8df113d72d851b5501fcdc9c48f9b3cd0757e8e

  • SHA256

    7f77c53112dc29ed14c092c99924b5cb8835c3f215aec9534142be942bb3c907

  • SHA512

    eb8312de6598b0417d2c1db8e5c17f1e23225014934593cecfcdb05b7e70ea273723c98d0cb5b4c3e191aa32368460e55054873f91122e5e1b259c301148a864

  • SSDEEP

    24576:qtKr1z0WfniJUQzGhKXDqt7xwteXSqRZVOJG0a4dtsU8:qtvWkUQzGhUDp0SqR6iQy

Malware Config

Targets

    • Target

      TEST.exe

    • UAC bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Disables Task Manager via registry modification

    • Stops running service(s)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks