24361e74f0d87c9500ee163eeade770df3a0db6530612bdd4cd9ee891bb7b7ed

Sharing

Copy URL

Twitter E-mail

General

Target

defender.zip
Size

366.0MB
Sample

240723-swjd7azdkg
MD5

a4e98c7c0158b8a0e60b7d3fb8d5a80b
SHA1

cb42002ec3041178b00be195aa5b73d6d1c6ce61
SHA256

24361e74f0d87c9500ee163eeade770df3a0db6530612bdd4cd9ee891bb7b7ed
SHA512

d48f61a73ea6b2bed45a940cd6c615fa290b085631936da059b60f560cfe9c458236b75ef475146dccdb852c0c7ca1f0efec03d1e5213cd457ac7a299183fcc0
SSDEEP

6291456:pY5fERjppI/fqN31lD0HCi6KofULZ7UD/nT/TWuklLPGLpaOvdLDwastzQxjvcKr:KRE1QfqNHD0ipKHCD/njVklL+NaWtwal

Score

8^/10

Malware Config

Targets

- Target
  
  Microsoft.6365217CE6EB4_102.2406.5001.0_x64__8wekyb3d8bbwe.Msix
- Size
  
  149.1MB
- MD5
  
  0ffb555046aa03961d046dacf076b76e
- SHA1
  
  627ebff5ccde5c16bbe6d146b40827fb91852084
- SHA256
  
  c21e00b8d620b2bf75f0845b26e378119cb6d0cae66c1dcc2f1b7b5e733c39af
- SHA512
  
  4494a1e4394ecbec6aa053e099560a033b23ff9b384d7bfc87f1c58f3f051804cde0f2ec69b7053ff300cba1f608aa951bdaa417bd19c6be19a6206301726137
- SSDEEP
  
  3145728:V5C3Yr6sCIZAZVNSS7qu/xr/Sfn/fpi3XtpgDjSNOWdkYLuOObY+QgSsTL1E2:i3tsCIZ7SZxr/8n/qt59dtKbegS+E2
Score

1^/10
behavioral1
- Target
  
  Microsoft.6365217CE6EB4_102.2406.5001.0_x86__8wekyb3d8bbwe.Msix
- Size
  
  137.4MB
- MD5
  
  cbd534bd472b3ad01850a7fa941d5a5f
- SHA1
  
  e1967febb7e53290d0045710320b2bae54e3bc78
- SHA256
  
  beea2082a7aaa38c12b2dde9506354c01171a5a88de769661c7b654a7c1f8610
- SHA512
  
  4d35fd3116a35ae479af588bc66ee64ba20d247de67d123d263328d9e760e953840022c6a3827029783a80504a65d80a5c141f87fbd0dea9680432db6cc8bf8d
- SSDEEP
  
  3145728:SD28Zokc0Nt2JZ9WtyCVRkqdjeMTpEvJd8jU5K5IEMruYQt:SK8ZxD35frdquWvJd8vDYM
Score

1^/10
behavioral2
- Target
  
  MicrosoftSecurityApp/xpdAgent.exe
- Size
  
  855KB
- MD5
  
  54fec1cb73d5e17d02e69b098e7ef425
- SHA1
  
  e22a425af66461d941d690638291f0aa64f17fec
- SHA256
  
  70bfe6fe4adcfbae72be0190f72f3d2d1a2f3afbc57ef64d0ffd5bf9b98acfb9
- SHA512
  
  2be12478c764869a661972523cfbe1bcec55186f625c8697724d918ca5928e0d697d8143f44a686aeeca649fd895acae87248ea8b23994a9dbfe93c27968ab47
- SSDEEP
  
  12288:D0u3nYUtqCmbK0SCkn8Q+qPFU1k8QRiAfXnP:fY9K0SCkbtfiAP
Score

1^/10
behavioral3
- Target
  
  MicrosoftSecurityBackgroundApp.exe
- Size
  
  30KB
- MD5
  
  0a7535971874b148ce42455493edaaa4
- SHA1
  
  e40d65da66cb681e02265a4c4090d9231dbb9f66
- SHA256
  
  32f1b34ea367f4a023d51a63d5d96afcc8499b9d0a1f9888e1ab7c8ed30b503c
- SHA512
  
  3f10559067694b817f19abc08eae585c89769b2b0e7082a4a5d04b5d8c4b019ac438e66d20430ba88fcb947a6d698d3dd939fb100117e522eefc9ac9f99fd511
- SSDEEP
  
  384:vwN7XUAmxwPdxah8co8r0i+LyeXqHcfMmeNsm9VWJr3LWcl2HRN72+G/6fR9zsJY:YN7XUAmtb8Nitt9z0Y
Score

1^/10
behavioral4
- Target
  
  Runtime/x86/MicrosoftEdgeWebView2RuntimeInstaller.exe
- Size
  
  110.2MB
- MD5
  
  8960123c632aed7090f8a2271ee2f69f
- SHA1
  
  cbc367ac675ef0c3fb374c0c12a54f606a8423a1
- SHA256
  
  126737dd08cef315dc163877a33f5075f3693ae8ed407151ab3e6aca848ebbb5
- SHA512
  
  57da0ad05135f35e1ed9eadb858099820cafe56b519be8b2426b0f596a487412c4224719acc7011aec97567bf56b88d9f5acabd815a1ac211a3ddd838bee2ece
- SSDEEP
  
  3145728:m0PhLk1CGbnESHPkQp/GPHpqzO36vYoMF0okG:mRbbtHMMOPHpqRzoT
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral5
- Target
  
  Microsoft.6365217CE6EB4_102.2406.5002.0_x64__8wekyb3d8bbwe.Msix
- Size
  
  29.0MB
- MD5
  
  0cb7b62c8801756d028945f78f97d5b8
- SHA1
  
  5a0196bdfcfa25ceef2ed10211f1f1e70a32b190
- SHA256
  
  a91247099303b055638b93d366ac5c9f72349b600f5c830dbc18f892c67c1b07
- SHA512
  
  7ed8f98496128252dccd26ea9319e6eccba8bf990220ca882aa429074c244f4ccc29bd5ef7c447b352b39f99c87e3b196dfec0eef92dbc61475b9247d752e901
- SSDEEP
  
  786432:qAzQRQhJNfa/CU0WQF3oS+6sCsZLWCpU0ASewF:qyJla/CUhG3or6sCsZLfpy4F
Score

1^/10
behavioral6
- Target
  
  Microsoft.6365217CE6EB4_102.2406.5002.0_x86__8wekyb3d8bbwe.Msix
- Size
  
  27.2MB
- MD5
  
  7eb22a8ee3e2cf45bafad5e3a5e5e89b
- SHA1
  
  54ea22daecf3fbc7c48d48279aa924b93e14a247
- SHA256
  
  9ff53ed36c40ba8a98e4d865be4be0dba4e9ecc5a35c1d5dfeb60aa17acbb46e
- SHA512
  
  0d25f8ff0645dbee22f6af81ba9810b68ce8c4b49ce9ebf18f5480dde4cb373dc7c7f9dda556bb0c6d95f5c16e01a84342176477dfbebc079207019edd8dad3d
- SSDEEP
  
  786432:8XbsRQlfvTUm1kiwvW1xDrZoWgDyWYqc0kwU:Otgm18v6xZoTDyKJ7U
Score

1^/10
behavioral7
- Target
  
  Microsoft.NET.Native.Framework.2.2_2.2.29512.0_arm64__8wekyb3d8bbwe.Appx
- Size
  
  4.9MB
- MD5
  
  0a16348b276c6250eb5c84142a8618d0
- SHA1
  
  cc3b900e13f913b446500dcc109213e161b31f37
- SHA256
  
  b33c87d60a9c868ec239b7e6a62575151628f29f45e4307ef4a17298dc185008
- SHA512
  
  f5968ae082b9fe66f1c0a6be5617feb046a3e4fb46fc0bea5f379aaceeb1a08d46b583f506f6157c2ba695dbfd50bf266adfbaf346cf8c78a7f2f797adbb7ff0
- SSDEEP
  
  98304:uEYHtSOAhYCjKuyQ7NRmlkrWIr7xAMKnqnEpAadFOIC8AD9RJhGEMtEGLmpYYQ+v:uoOAKgGk71E3jOIC8ADOEMijJrD
Score

1^/10
behavioral8
- Target
  
  Microsoft.NET.Native.Framework.2.2_2.2.29512.0_arm__8wekyb3d8bbwe.Appx
- Size
  
  4.7MB
- MD5
  
  f1d446cac35afec9e3aaeee53af8b0ed
- SHA1
  
  1e3cffd74dbe2a5fa14d35cd91216cac7e5f96d8
- SHA256
  
  bdf9c70e4966a4f7ce00ca7fc5179962239514be879f2aa3c1794076b7ff9bc6
- SHA512
  
  6838184f42097242d5c9740cbd09ab902162f7e14f6cc751c833c53853f3597bdd13e95e4b97cbc3e40d3ca4be7aeac0ea89c20d048938e2aa07799c76544e05
- SSDEEP
  
  98304:q3QyYIUuW29Cac8yJBr7DTG6+9JaV3eobCnq+7nO2D1RNlOZkMOWbd48JXN6aIhn:pA1Cas/G3cV3eL5iC1bZMOc3Zwa2esCS
Score

1^/10
behavioral9
- Target
  
  Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe.Appx
- Size
  
  5.0MB
- MD5
  
  3bcb500aa3aafa6f6e347728c2e47891
- SHA1
  
  612ad442b8740f4c57b8c84e6bf465ba4699118c
- SHA256
  
  c195047f4af9c3ff3d92c40e55a901cf7cfa08a679b8ca2543bb104bab2f7ff1
- SHA512
  
  59272375135dce7c18617516b90cd3c7ac25104037e790c219a78719766d4dc22efee868f02db384f21af014a5f8443dc86313940ca459272e9048da43383ee7
- SSDEEP
  
  98304:kwArU5QawyYSYX/hXHgE0wSsXLI9Zgl8g6AMyWsmtEgVEyrfcI5nAIAC8wRUkTPD:rtYPJXHgEdDMTgl8iPWshYZrfcsAItH5
Score

1^/10
behavioral10
- Target
  
  Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x86__8wekyb3d8bbwe.Appx
- Size
  
  4.4MB
- MD5
  
  59becee3c17162305e3108a315849f49
- SHA1
  
  af66e12c1bb9d8519da21259d0fcd88c247cb4f1
- SHA256
  
  e4c5dff287b59e27eb9da6ccd02ed1c76d3f6001eceb0f20e71eebd507b3aad2
- SHA512
  
  9e9c177c214da1cbd8eb8f7b269b3502f286d3c8b4a437e1bfd1d59c41bbf1a15a4ac1d6c7ab96fcf14d37b44b306de5985a02b989382c21f238ed1d7662c88c
- SSDEEP
  
  98304:6bBI2dAh/kRpPCcJxvJN7tuwirIT0uVDfKqIf1rMSzBg72rtQC0cL:665hC97JlUH7uF5uro72rmncL
Score

1^/10
behavioral11
- Target
  
  Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_arm64__8wekyb3d8bbwe.Appx
- Size
  
  242KB
- MD5
  
  9e1668e28232f8526248a1123baef2a4
- SHA1
  
  43a7b55eb71df71966ef2fc35758eaa5914f95fd
- SHA256
  
  47de27af62a9a31d123a522c4a74056b8a10d15307de9ebead0adf684f3df45d
- SHA512
  
  19f39b110c8d722619b03f5270c593eafe02bc1c84090e0df84df866f31c5c33dd287c6c24c2b42c4d0f3637788edb1e8e6b3f0639cc25e501c0e747c3af41c6
- SSDEEP
  
  6144:BqsXkzvMiJEbn4j7GxcwvAkhwup/zTjZx0G+WCVPc3lYedB:Bqs0LMXs7GxcfM/9TNaVWCRWlYedB
Score

1^/10
behavioral12
- Target
  
  Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_arm__8wekyb3d8bbwe.Appx
- Size
  
  210KB
- MD5
  
  001dc9eb81aadad5c56b76023c001eaf
- SHA1
  
  735760840e3b9d12382692a5d6529be9af2ae7cd
- SHA256
  
  7ccf4ef1815d479570fdcf4e462bd7d80f1bc9ae3c39c93220fdb40cc0ebaca9
- SHA512
  
  8c95e7ba20ffe5f8cbee3b511451c6e88d3341c6fc9a58f3995d1b49886c263ac749cbe70f27099193989165b6418bffd3cce7e49224d4c3dae09875f1f77869
- SSDEEP
  
  6144:i40emOyts/vIoqjY8LvBodHvyv0xWfc8vYGh:i40em1ts/vdh8LvBuvy8Mx
Score

1^/10
behavioral13
- Target
  
  Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe.Appx
- Size
  
  238KB
- MD5
  
  74dcc090a080498fe2f8ff1c139cec9c
- SHA1
  
  e1a85885fd4453165061351651289cce8f8590c4
- SHA256
  
  27fae660d8c609e020703bb463b6601e62811dc75db19975bcb7d68d959b527d
- SHA512
  
  55647c44524acfc25c1aa866d4ed8a73f35efe6320b458303d5f72a57517760a3b50c03d6022628cbec95e05e6f4520d89408f989e9c7a1e66e6bff9b200595c
- SSDEEP
  
  6144:m68Gjkqx9ijvvgf3WSvWUOzOA0SRljRWAnnCmq5lg:m6XM+WSuUOzv0SRlt7R
Score

3^/10

discovery
behavioral14
- Target
  
  Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x86__8wekyb3d8bbwe.Appx
- Size
  
  194KB
- MD5
  
  a4e2af92db60a0491d0b78372f3b5ab2
- SHA1
  
  f3535a3b47819a04c6d5ee18905493be086e801e
- SHA256
  
  ec7e811dca0cb511c69859c65aa1d94ccd5cc3cab3ec7f9d6bab95abb03149a8
- SHA512
  
  2ca0d278729cdce07899ff3791906f7b08bc1ed540b4a72cd72b928cf4f9bc2f58739270dc1978a82089f187898f9e333bbe07ff436e91733ab25c6898c9251c
- SSDEEP
  
  6144:WJ3mA/uF7j8Okhnw7nyK0CT5fzT38gxOe:WJWAg8OAn+VfnsgAe
Score

3^/10

discovery
behavioral15
- Target
  
  Microsoft.VCLibs.140.00_14.0.33519.0_arm64__8wekyb3d8bbwe.Appx
- Size
  
  1.5MB
- MD5
  
  0d6e09dbb6608bd7775ea925c8c014f3
- SHA1
  
  14db2b39eda03ed3f4f66540858faea7eb8ccf76
- SHA256
  
  c73d0f55dda331f9dcbefc99ff5a420b62120773d2917387639382aa478533ee
- SHA512
  
  ea40c57a5d942b9147e7f54348fa4ecbfee41058458e8c31c4b3c5001d9eaab74895144979d168eb020da24c79c3eb375adb265efc2ebce02a5a41525f428b83
- SSDEEP
  
  24576:erH0fBTK/3Lvn1FLkgbLJDriKmC0hBGw9pqodpVZ8SLqCTvCPDtkFn6Lw0kLWTs9:ej0fBTsLnNN2RBX9VdjxCLtkV6Lacs3N
Score

1^/10
behavioral16
- Target
  
  Microsoft.VCLibs.140.00_14.0.33519.0_arm__8wekyb3d8bbwe.Appx
- Size
  
  816KB
- MD5
  
  4215e63d06cfe27eb2db90d4db420602
- SHA1
  
  41cbe825eaf03d9a951e101eb7bd98519bd7fde2
- SHA256
  
  2c422523ff693689a84c109585cfa444143ac3b6b7a5cadf4858afc6a3cb750f
- SHA512
  
  d5959e3b789c29e84f556798d7a3698dcbd4fba848cfad778b39c23b537defe23aad0eb4251ccc413715e9e9a33c96fe82f3ba8daa0a7830f8a3f2714f2b1065
- SSDEEP
  
  24576:oHPTQIjF7sg5SlNUezf4QtyhwyTFA4Z0GE7baWs8EMo:oHPT5tKlNBhyhwyBD0T7bTsR
Score

1^/10
behavioral17
- Target
  
  Microsoft.VCLibs.140.00_14.0.33519.0_x64__8wekyb3d8bbwe.Appx
- Size
  
  875KB
- MD5
  
  38c974b0d873031e25b196982d4f1b08
- SHA1
  
  00c5a18b3243c99296724d4c02975ba8fc3ff353
- SHA256
  
  9c17b521f9d690a1f504da5108ed6eec5669eb3a8fd1331eef43e40d84e74283
- SHA512
  
  579e20c01e9cff73812a568a45fe4818e9188c84321ce04d5dea7610c20d03a6ad51a25af9d9d62cf1310f363b281fb42c6ddbee91a0b458ef1d39d9f456e69b
- SSDEEP
  
  24576:qugAqOdFtlQ8xl+hwHKcocc2hhyK7+i4oMjWn7A+k:UadFtO8yh63lhhSoUW7Ax
Score

1^/10
behavioral18
- Target
  
  Microsoft.VCLibs.140.00_14.0.33519.0_x86__8wekyb3d8bbwe.Appx
- Size
  
  740KB
- MD5
  
  21de135a5ac9248d0683da5b7b08f4db
- SHA1
  
  fc358891923a5c9c31398fecfc600ecb1b992014
- SHA256
  
  7ba6ea7bc32cd58b7e0683da588796086accfb74efb7a3e525e9f8014d2ad663
- SHA512
  
  8729cfca45f31f8a2c45bbc689c1b0443ab8e25b8696542794dc1e50a9bb9c8e0afb8588fc1f3f34b9d1cd7154c3b8c3f2386cfefce1ff11c0b5d1d482792c55
- SSDEEP
  
  12288:rTdeDUqXwXDNF/SVOA8FUzR9wADhaNl2OP615VzojrHxq+JO5wGAiZ5erV432L:FMBYNFiv9wA9gst56M+o5wGdurqo
Score

1^/10
behavioral19