8c0d64f0a9e3bea13f2c3aeafc670e62aaf396ba114c463c97e272464b4d8efb

Sharing

Copy URL Twitter E-mail

General

Target

1b9927.zip
Size

468.3MB
Sample

240706-1bjhfswckg
MD5

37706ac4b3f7d75499dfc01c74136fb5
SHA1

b1f84d58c93643ac5d42a36a9dbac033bba34b40
SHA256

8c0d64f0a9e3bea13f2c3aeafc670e62aaf396ba114c463c97e272464b4d8efb
SHA512

21c9c1872fdac008216d218d89277874bf140daf417009b4deb002700e7b8239e34f9103a623a26a7fe6f77ef669153864a16d739423ffc977b0dd7de89fca3a
SSDEEP

12582912:lVgrWP7LxOp23JyW4Z3+QZY8lUUCZ5uY/576jBRg:lVgr27LxOp2W8cPCZ5uY/578g

Score

6^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  1b9922.msi
- Size
  
  115.1MB
- MD5
  
  234d67a553a1de115e9104160ca80084
- SHA1
  
  77c3b5945bde225c31fc94c086d147ac6ded0671
- SHA256
  
  8508f711d32feef3bece3721015778820eadea6b4c0490ffcc86eb3713a9d71e
- SHA512
  
  72b8b2810e60f9c00c99423951c31c303df1f000ac7061b4d9edf5f867b52a5fa97051abc30573e68b43baf346f66f221136cd1a754b1428c476173c6915611f
- SSDEEP
  
  786432:uznv0AiAYD+QrHXcaz+Ra/KlVk7HkWva95S150ja0rLzsMEqPpClDDqzDD3ccC60:2clZr3LrKJkXNLT7e0vR5aG1Dv
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Checks for any installed AV software in registry
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  1b9927.msi
- Size
  
  94.2MB
- MD5
  
  f740670bd608f6a564366606e0bba8da
- SHA1
  
  c635e8453bf0f06c34d41d3319670e5dc966a5f4
- SHA256
  
  ba3cdc5190b44da96e5ecb5f39e2cbe3713984dc8062cdab679c759de51500b1
- SHA512
  
  88f1e800265e4e72f914e50240a6a7cca630ea4bcd6981be13237cc6f42b182741542b907737490a367453c179ace55fb64c3e0fb2cb6ecf1bace7a442458e0e
- SSDEEP
  
  1572864:SX+lBWb7cVOxi2CDRq/SUx6EIL2CjmFkm+pF7Vxo81MOL9vh12epl37cTLiAhRLh:nLYxsRq/76L2CjmCZpRXouxvD6LbhRHJ
Score

6^/10

persistence privilege_escalation
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4
- Target
  
  1cc2ce.msi
- Size
  
  1.0MB
- MD5
  
  654b4847c1d00bfeaea115fa5df12845
- SHA1
  
  66f95004c025d48a8bae158e009a1391a8f33f7d
- SHA256
  
  c210e0568528004a0ebf15876edacfa42767249427f06029007c5efe157b9e8e
- SHA512
  
  99da0779f2d640353be818e5b253a0119276c7306979d67b20508ae9623ef80d7e9b09978c46befea3508d52ede64af77b890d5fd75029383605fe1988980b67
- SSDEEP
  
  24576:Jl/xpovgnzdM1R+KtVv1gg/hHs175FfqNaXTL0W8ABZxVZk:Jl/rovgnzdMRtcg/Y75M4XXH8MZxVZ
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  2c7f8ce.msi
- Size
  
  4.2MB
- MD5
  
  1f882313b939a3228cfb8a2c9a08a977
- SHA1
  
  81e574958dee5ddb002cb3895299b8ad8f58e834
- SHA256
  
  55e04b5800b2d9fcf21b2f0da2e2a646a4f9839d0b7521aabc9317d743679019
- SHA512
  
  10d0725245b0a2027e7f8f69d5169d9123bf58a4b302e058f6a2040e030b455445601f7eceed9d6736486341f16c20ba5997437c0b6189136d1850062d236273
- SSDEEP
  
  49152:xLcwoFqATpfxTq6nU4Q6/cNKZqvnA53i43Er5qBUZhYPfyJ2nQ99GMlZN5cz3kiX:ZoRTq6U4Q6ksSrgB4X99GRp/ZgMZT
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7 behavioral8
- Target
  
  33710a8.msi
- Size
  
  1.9MB
- MD5
  
  57495031128fd7e43944985d50b9236c
- SHA1
  
  4c2d9dd9c3af78f17fe8073b9c13f1b57df3f607
- SHA256
  
  3b0e91e73a16d80165cbf693437719b23c1fd7bad72caf0e92274b277b3c2d38
- SHA512
  
  bcc6cdf153fd5975667e7514d210c2e23af8244b7e90ea83dbf2ddfd390274b5c0718a4e7c202e394550bcdcaf3d604c52758c648fba01fd8eddf463cca05616
- SSDEEP
  
  24576:zuatqfKJuyi4QX851wfM/3FvhBM1zqxXY1smwdWA5Gzn2oGCe5s:zuahTa851wfM/3FH2sH35Un2oGCe5s
Score

6^/10

persistence privilege_escalation
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral10 behavioral9
- Target
  
  37266.msi
- Size
  
  127.8MB
- MD5
  
  822ced732c4ccc954a0c758877bf052e
- SHA1
  
  f86e5e772108498a36fa26d9c1ba908977953bbd
- SHA256
  
  c2b94e81ab4ba2780016cb28a7c07c87b570f65d26dc7d3dc91a1016d69028af
- SHA512
  
  ae34d7170f5530db62f8112c35e5e112719fbe08746cb569bcd48f3d66c406eb6dd76222b5216ad3c14c0474fc5f4b90330b72a5af203659a636990001a29bc6
- SSDEEP
  
  3145728:Sq4AQc3DyHq1XGDA+1jKkHNONscMbYsnomEhSOJck:byHyXV+8EUNebNJ
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral11 behavioral12
- Target
  
  4514efe.msi
- Size
  
  104.0MB
- MD5
  
  339876c7c3b2ea57c0be4bbf6de32155
- SHA1
  
  a8925dc792c038a1e3cff94122e3aaadc563f06f
- SHA256
  
  95b05230f761da90c64e88f6456000d331cf9591b546e5850e7f065a179dbbe6
- SHA512
  
  7d03ed9728e3aaa957455584480085acfa2953eb547670e85590569f2e009aba7bb552bad406336a6ee22c65acf52da632504ce716ced2bb8bb18fa1e03ae187
- SSDEEP
  
  3145728:4Tdp/Gww7IEwmuQYIuSwHn9B4mzL8M6Wfw:4Fw70RQYIfwM6Q7+w
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral13 behavioral14
- Target
  
  5d068db.msi
- Size
  
  8.1MB
- MD5
  
  a42b686ad4ba53838ac2981459d829cb
- SHA1
  
  fc4be98c4a3926662ea0d500f2ca4f60fdd9a74e
- SHA256
  
  29d3885ca44e98f0162501a0893c5cfcf63ec3036bfbbc815665dd1686237e58
- SHA512
  
  0d2a45b4adc99c89c43a82f5c15885cda842d806e0de39a59b4d065d54001194dfd77bdc33f78f300619f1b5f0bf97fbdf7ee8aa66b62e3de59538734cb7be92
- SSDEEP
  
  196608:6p2aSscNwPZRFh+SYbHrxzJwPjXIjUEso2h:6Lce+tznjNso2
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral15 behavioral16
- Target
  
  747d8af.msi
- Size
  
  180KB
- MD5
  
  5611efd8725e779c15bf3220d2efb77c
- SHA1
  
  517c154429d5430452994d13bdbe7be8ba4da666
- SHA256
  
  b5d66e8ab0d2b33278d2cabb055be5a5043022bd0c36fe07d9d64a3830dd255a
- SHA512
  
  d301f553ae5c8152cf9c5310ed9ddc330fddedce6ca858aedc31fec4e1e6aed40aa8917030f060c101f0af543e7b4b306bc8422bc7231bf50da61b14fcb1fa30
- SSDEEP
  
  3072:QHviOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJdnp:wvipBaTDo1j//SZh
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral17 behavioral18
- Target
  
  747d8b8.msi
- Size
  
  180KB
- MD5
  
  bea14c730a3e9bf19a0737f8d48ee64c
- SHA1
  
  900c494d57e3105ff2fb4b7949204f0cc648dc3a
- SHA256
  
  9879ad78ff0c218d124d98153a44a47aefdffdf7f188f532c6dadd2a38d86938
- SHA512
  
  f426ea932c00024f2af18126e9f874523ead0061efdab7c7dbfb7c3bc9b24fb3f8ccf335b0cc384da7b6f2ba47f98ba0965fed219af74f307c99262bf7c0cf4e
- SSDEEP
  
  3072:6viOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJdof9X:6vipBaTDo1j//SZhm9
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral19 behavioral20
- Target
  
  802010b.msi
- Size
  
  13.5MB
- MD5
  
  76b91e8a787b38027cbffe03d11f7382
- SHA1
  
  31c304a1f1ecc640152a9644ab8e495f49cdde38
- SHA256
  
  d56f51fce3ac02b3699a150044345f4e3cf268466d8cb53ba17b498fbac8fa85
- SHA512
  
  18ed23d2dbc8dcdce79625357415db2991fcc764f294a8f9563c651f6f71e7e88f841b91f92bb2a07bd44cb573ae7ded9f746048224af9e2b33a87777a2b985a
- SSDEEP
  
  196608:IaWD3aWyCPAbsBNGLJOUGpe7Ya1x1/pUU4pPElKRVZhGavapcAm:Iz7PAw2HEed9pUU4mKRVZhNvapT
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral21 behavioral22
- Target
  
  96d2337.msi
- Size
  
  3.8MB
- MD5
  
  348db64dc7ecfc084bc5384aa2a5703a
- SHA1
  
  1cea30fb1b831a88e644494fe96eed2a97707bea
- SHA256
  
  25ff97e91e1d8e1b36935ead05e8bf92cf64ca6faff4ab9c2fdca5ad4352b0e5
- SHA512
  
  d9e681f74f759dad598abad077f75507f0461a983f2f20f411f3258fbbac524137c49f423b1fe6dbbf2d052887b8012287f8123e50359938c82f51f978eb8f30
- SSDEEP
  
  98304:fqufjWYBkGELOQOTWd4AWgQQIo0xTFgf9Gq:jHtMKhTFK
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral23 behavioral24
- Target
  
  9c74ce.msi
- Size
  
  25.9MB
- MD5
  
  4d10d348f094ecd4a64e3338a2b151e4
- SHA1
  
  35c4ec16ed624008fc85b29f54180c3345538066
- SHA256
  
  48f9d9bb52b4960852bd67f1c514c88828fe7d9e1de336fc8146c2d1e7c1cfe1
- SHA512
  
  bec678826f8920bae33bc09355bcd611fb8b8c3e645724ffcd93f093754352d424f38ebac33568026daf7c94ecf4ced20a9f9644b3d25da1e55208df812d57a1
- SSDEEP
  
  393216:pn/RUlID0FPMLyt1M1+4Q7KuLFmSCRHqLF9OL/xnaFG41NCEQ978Yol2gD+:pn/RUXhMLNY44TBF9OTQF1pQ978YoMg
Score

6^/10

persistence privilege_escalation
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral25 behavioral26
- Target
  
  9c74d2.msi
- Size
  
  856KB
- MD5
  
  7df20d9d562dd9cac2d6cdc5fa7208f7
- SHA1
  
  49d3188918876c11a83631058dcd5e46890e499c
- SHA256
  
  52a756d1a43ddfb7eda39715a2cfa37bb474a1f24556b0d905fc73ca93122fdc
- SHA512
  
  78c9a31e58e6191785d1a73852b2e1d681778baa9052a81026b40bbb5d1fa8b9130e1fbbfab51560f17e69bc186ed68e63ac37588feccea7059ffa6f20c24600
- SSDEEP
  
  12288:T7xeimPfdJ+oZqU8VKIvZUlkj/cBhZeK4lu/XdmYwk:vxeNPLNHWvZgkjcDefMFmi
Score

6^/10

persistence privilege_escalation
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral27 behavioral28
- Target
  
  9c74d7.msi
- Size
  
  788KB
- MD5
  
  68b75bee2390abbf1ac754ff9b3d82f2
- SHA1
  
  c1624f09bc6c85df1d35d48cb7d98076182b8ad9
- SHA256
  
  00dc9866610f581223ee566bd9aaae3ca91691b89dd985f15cdbdfe778a7f2c1
- SHA512
  
  3df6d7c232e4587b555f86826f1bbdeea5caadbc34f638b1fcc910a24f62f6a6be9c4ae97e9f4b18389c3f856532ce075f212ead2e5c4c7f1da9e0876053aecb
- SSDEEP
  
  12288:wEVfqU8VKIvZUlkj/cBhZeK4lu/XdmYwj:HfHWvZgkjcDefMFmB
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral29 behavioral30
- Target
  
  9c74df.msi
- Size
  
  28.6MB
- MD5
  
  7147f19faf4e1fd3aab745b2cb41224b
- SHA1
  
  b83f0686e7c1c0bb4f5e36648b20aabab4d61672
- SHA256
  
  ca3678ef53f5080590b9cb22ed66ad114d299c2a777b0bdc75ccec6972d873d0
- SHA512
  
  8e1a32febbb1d57da366d23bd3cc5b5db6397578541dcbd3000055980e28514b6d76e5a42906b3cab678ad71825702906d02c8422f0e410c6a2c9a297826d493
- SSDEEP
  
  786432:JDxTv8ttWiFeSlQzgVdE+z/YacJT8IUh+5AZnl7/Ban8aj:JVTkXlFeSlQcVt0rJTi+56l75a
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Installer Packages

T1546.016

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Installer Packages

T1546.016

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Checks for any installed AV software in registry

Enumerates connected drives

Adds Run key to start application

Blocklisted process makes network request

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

Drops file in System32 directory

Blocklisted process makes network request

Enumerates connected drives

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

Event Triggered Execution: Component Object Model Hijacking

Blocklisted process makes network request

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

Drops file in System32 directory

Event Triggered Execution: Component Object Model Hijacking

Blocklisted process makes network request

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

Drops file in System32 directory

Event Triggered Execution: Component Object Model Hijacking

Blocklisted process makes network request

Enumerates connected drives

Enumerates connected drives

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32