Extracted

• • Target

    Nova Mod Pack.exe

  • Size

    121KB

  • MD5

    5c76d15a7d3f57f26edc494bd9db318b

  • SHA1

    cfa089d8d7e9fde67b6cb85827d33431b2d80066

  • SHA256

    af872e954905dbfeb165da42d722889a7dfc4b84e88b52c9abc9de18a1a9d74f

  • SHA512

    3d7a621dcb56a8d8ded08e49c34c77071bcb8e8f408acd2ec9c00ff887342d1e3be935f3ad56b33ef7a96d0d85e1e36b6cccc9498a2b0fe96dab7b5d5747c1fb

  • SSDEEP

    3072:0ojAQkj90n5EIrHshi+LFUWHnGWdw8OkG2Li0HbovOm:YjWnSeGisFXnJw8Ziib

  Score

  10^/10

  defense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • UAC bypass

    evasiontrojan

  • Grants admin privileges

    Uses net.exe to modify the user's privileges.

  • Blocklisted process makes network request

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  behavioral1