General

  • Target

    TEST.exe

  • Size

    923KB

  • Sample

    240612-xja99szcmj

  • MD5

    d0d863d3c2a17fd6b0d1e264a7d39f9b

  • SHA1

    33ee5984eca0a735ce2ae6934e5df30f1a5ee98f

  • SHA256

    15abec796d968d1aac736126867da505860d1513f621e5a3a6516b0986400e30

  • SHA512

    90e7285d26e9f6027a482f6c305f26c82aca97726a4cb8d9c5526263c8e73e7b3f5dd9de32cfd2ff94072f143eddb77e955a4cf15585d90ec23b358c19db5e0a

  • SSDEEP

    24576:IT3xdzHOjGxlamlgC2VEJiyqBEbJaUmf:IT3mKnJ2iqBkJ5g

Targets

    • Target

      TEST.exe

    • UAC bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Disables Task Manager via registry modification

    • Stops running service(s)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry
