General
-
Target
EpicInstaller-15.17.1.msi
-
Size
176.5MB
-
Sample
240618-tkjfgsvdmq
-
MD5
7a2cf04ac0c504a8ea5aed805dde484d
-
SHA1
0536d7a178d1a42cea1476ea6b44bc53ed26bc63
-
SHA256
6f3f486d7a8409fc174198818c039152c6268bd9fdf210ee6be1c91bf832b7e9
-
SHA512
42aeed1d015ab279df3065e04adff8001672a13180f4d73121ace3bc8989783f12c7a5d0b50c684c74fd138fc1b4f451439acd7b6342d4f60c7d3a18034e0988
-
SSDEEP
3145728:oyKHxXZR5bsPL+buxE4ynkX+kKbtt3V8mIeDLhZ8muXNNE7byK88OmTZbOW/rXi:IP4PAwUnkuk8BNbLIxg7bUQ
Static task
static1
Behavioral task
behavioral1
Sample
EpicInstaller-15.17.1.msi
Resource
win11-20240611-en
Malware Config
Targets
-
-
Target
EpicInstaller-15.17.1.msi
-
Size
176.5MB
-
MD5
7a2cf04ac0c504a8ea5aed805dde484d
-
SHA1
0536d7a178d1a42cea1476ea6b44bc53ed26bc63
-
SHA256
6f3f486d7a8409fc174198818c039152c6268bd9fdf210ee6be1c91bf832b7e9
-
SHA512
42aeed1d015ab279df3065e04adff8001672a13180f4d73121ace3bc8989783f12c7a5d0b50c684c74fd138fc1b4f451439acd7b6342d4f60c7d3a18034e0988
-
SSDEEP
3145728:oyKHxXZR5bsPL+buxE4ynkX+kKbtt3V8mIeDLhZ8muXNNE7byK88OmTZbOW/rXi:IP4PAwUnkuk8BNbLIxg7bUQ
-
Renames multiple (125) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Blocklisted process makes network request
-
Modifies file permissions
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Component Object Model Hijacking
1Installer Packages
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Component Object Model Hijacking
1Installer Packages
1Defense Evasion
File and Directory Permissions Modification
1Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1