Overview

overview

7

Static

static

1

SketchBook...64.exe

windows11-21h2-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SketchBook_7.1.1.284_Win64.exe

  • Size

    55.1MB

  • Sample

    240618-pbry2sxbmq

  • MD5

    db3267a570141f8b59abdfabb69383cc

  • SHA1

    09cdd5832511ec0a7b91ce4eb5665d40adea2490

  • SHA256

    8b7da1f1949d348f6082b011185ed0c2702465a442e6fd73d9a908a1ccd842b2

  • SHA512

    6682f8a7a433321cebb4a53267b96d3693e7e5b3bfc94cee1d278cba694a9673c82fba57cdba5d5fc2e5ced403d28018e8c9f7ca61652f34292e6f085b22130f

  • SSDEEP

    786432:rvbLTs2LWQOu5OcVg/bEiHqWxEPWw2bKBsw7t7kOWZ2xIMhi2OZQYFUpGtXV:rDspQOu5u/VnTmLtoGI4iv/rr

Score
7/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      SketchBook_7.1.1.284_Win64.exe

    • Size

      55.1MB

    • MD5

      db3267a570141f8b59abdfabb69383cc

    • SHA1

      09cdd5832511ec0a7b91ce4eb5665d40adea2490

    • SHA256

      8b7da1f1949d348f6082b011185ed0c2702465a442e6fd73d9a908a1ccd842b2

    • SHA512

      6682f8a7a433321cebb4a53267b96d3693e7e5b3bfc94cee1d278cba694a9673c82fba57cdba5d5fc2e5ced403d28018e8c9f7ca61652f34292e6f085b22130f

    • SSDEEP

      786432:rvbLTs2LWQOu5OcVg/bEiHqWxEPWw2bKBsw7t7kOWZ2xIMhi2OZQYFUpGtXV:rDspQOu5u/VnTmLtoGI4iv/rr

    Score
    7/10
    discoverypersistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

3
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Query Registry

4
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks