Overview
General
Target: MathType-win-en-7.8.0.0.exe
Size: 43.4MB
Sample: 240726-nd85nsybjg
MD5: 0984ae82d2f00151fd3e891b601619ea
SHA1: 475291c51140d2107b341e9671b5f2807c06bfe6
SHA256: 24b2c6ce45d27bfdb14cd4e352180bf7bd866ce9f9565b79b475eba07a72c752
SHA512: 7a0f50caf5d98ee5e4820738141a8c82bf5b70d231c440085947bd2443c159e95ca7e7b7272b320f0d2d217c33762b9122e63064c825dea379844597c52d876a
SSDEEP: 786432:ometqlZRTGuNDuDVia6JnBep7serZMBqYb/ByCS1ZwqAZafqNKntXamJTsASlLr3:oMlnGXVUA7sB/sCW+B8faKtXamxsAOLD
| Behavioral task | Sample | Resource |
| --- | --- | --- |
| behavioral1 | MathType-win-en-7.8.0.0.exe | win7-20240705-en |
| behavioral2 | MathType-win-en-7.8.0.0.exe | win10v2004-20240709-en |
| behavioral3 | $LOCALAPPDATA/Temp/mathtype.tmp/j2pcsc.dll | win7-20240704-en |
| behavioral4 | $LOCALAPPDATA/Temp/mathtype.tmp/j2pcsc.dll | win10v2004-20240709-en |
| behavioral5 | $LOCALAPPDATA/Temp/mathtype.tmp/j2pkcs11.dll | win7-20240708-en |
| behavioral6 | $LOCALAPPDATA/Temp/mathtype.tmp/j2pkcs11.dll | win10v2004-20240709-en |
| behavioral7 | $LOCALAPPDATA/Temp/mathtype.tmp/jaas_nt.dll | win7-20240705-en |
| behavioral8 | $LOCALAPPDATA/Temp/mathtype.tmp/jaas_nt.dll | win10v2004-20240709-en |
| behavioral9 | $LOCALAPPDATA/Temp/mathtype.tmp/jabswitch.exe | win7-20240705-en |
| behavioral10 | $LOCALAPPDATA/Temp/mathtype.tmp/jabswitch.exe | win10v2004-20240709-en |
| behavioral11 | $LOCALAPPDATA/Temp/mathtype.tmp/jaccess.jar | win7-20240704-en |
| behavioral12 | $LOCALAPPDATA/Temp/mathtype.tmp/jaccess.jar | win10v2004-20240709-en |
| behavioral13 | $LOCALAPPDATA/Temp/mathtype.tmp/java.dll | win7-20240708-en |
| behavioral14 | $LOCALAPPDATA/Temp/mathtype.tmp/java.dll | win10v2004-20240709-en |
| behavioral15 | $LOCALAPPDATA/Temp/mathtype.tmp/jawt.dll | win7-20240708-en |
| behavioral16 | $LOCALAPPDATA/Temp/mathtype.tmp/jawt.dll | win10v2004-20240709-en |
| behavioral17 | $LOCALAPPDATA/Temp/mathtype.tmp/jce.jar | win7-20240704-en |
| behavioral18 | $LOCALAPPDATA/Temp/mathtype.tmp/jce.jar | win10v2004-20240709-en |
| behavioral19 | $LOCALAPPDATA/Temp/mathtype.tmp/jpeg.dll | win7-20240705-en |
| behavioral20 | $LOCALAPPDATA/Temp/mathtype.tmp/jpeg.dll | win10v2004-20240709-en |
| behavioral21 | $LOCALAPPDATA/Temp/mathtype.tmp/jsound.dll | win7-20240704-en |
| behavioral22 | $LOCALAPPDATA/Temp/mathtype.tmp/jsound.dll | win10v2004-20240709-en |
| behavioral23 | $LOCALAPPDATA/Temp/mathtype.tmp/jsoundds.dll | win7-20240704-en |
| behavioral24 | $LOCALAPPDATA/Temp/mathtype.tmp/jsoundds.dll | win10v2004-20240709-en |
| behavioral25 | $LOCALAPPDATA/Temp/mathtype.tmp/jsse.jar | win7-20240705-en |
| behavioral26 | $LOCALAPPDATA/Temp/mathtype.tmp/jsse.jar | win10v2004-20240709-en |
| behavioral27 | $LOCALAPPDATA/Temp/mathtype.tmp/jvm.dll | win7-20240708-en |
| behavioral28 | $LOCALAPPDATA/Temp/mathtype.tmp/jvm.dll | win10v2004-20240709-en |
| behavioral29 | $LOCALAPPDATA/Temp/mathtype.tmp/kcms.dll | win7-20240704-en |
| behavioral30 | $LOCALAPPDATA/Temp/mathtype.tmp/kcms.dll | win10v2004-20240709-en |
| behavioral31 | $LOCALAPPDATA/Temp/mathtype.tmp/lcms.dll | win7-20240705-en |
| behavioral32 | $LOCALAPPDATA/Temp/mathtype.tmp/lcms.dll | win10v2004-20240709-en |
Malware Config
Targets
Target: MathType-win-en-7.8.0.0.exe
Size: 43.4MB
Score: 8/10

Manipulates Digital Signatures
Attackers can use techniques such as changing the Authenticode and Cryptography registry keys to make their binary pass as valid.

Office macro that triggers on suspicious action
Office document macro which triggers in special circumstances; often malicious.

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in System32 directory

Enumerates processes with tasklist

Target: $LOCALAPPDATA/Temp/mathtype.tmp/j2pcsc.dll
Size: 10KB
Score: 3/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/j2pkcs11.dll
Size: 44KB
Score: 3/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/jaas_nt.dll
Size: 13KB
Score: 3/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/jabswitch.exe
Size: 24KB
Score: 3/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/jaccess.jar
Size: 43KB
Score: 1/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/java.dll
Size: 86KB
Score: 3/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/jawt.dll
Size: 7KB
Score: 3/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/jce.jar
Size: 113KB
Score: 1/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/jpeg.dll
Size: 137KB
Score: 3/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/jsound.dll
Size: 24KB
Score: 3/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/jsoundds.dll
Size: 20KB
Score: 3/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/jsse.jar
Size: 633KB
Score: 1/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/jvm.dll
Size: 13KB
Score: 3/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/kcms.dll
Size: 168KB
Score: 3/10

Target: $LOCALAPPDATA/Temp/mathtype.tmp/lcms.dll
Size: 175KB
Score: 3/10

MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry: 1
Subvert Trust Controls: 2
Install Root Certificate: 1
SIP and Trust Provider Hijacking: 1