ed09b660a16215844f5072e6ea4821c17dcaa3eb9e3a48e864d9428850d48973 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

ChatGPT_0....64.msi

windows7-x64

6

ChatGPT_0....64.msi

windows10-2004-x64

6

Sharing

General

Target

ChatGPT_0.12.0_windows_x86_64.msi
Size

5.7MB
Sample

240727-bvgqjaxhpr
MD5

847a056f92429cb7c70a6a552da0d8fc
SHA1

af0a839105e35afc69aade9423e7438483e32ad4
SHA256

ed09b660a16215844f5072e6ea4821c17dcaa3eb9e3a48e864d9428850d48973
SHA512

775782394f06b9fffdb9212e5970aaf2eedf3daaf9a5d4fc1a73723cde19692c5c82ce5f6015d6ddb3f5cde192eda5bb3539eab022f2e7720f039aa8fdfbd0fe
SSDEEP

98304:5PWu3MYRTcS4epUAOkOwJ4gnbzzZxGt0NgUh+Ugg3MioeIyzwOV1h4ucWPMcrE:NWu3MYRYe/OkzPzat0uUh+UN3hoeBwI4

Score

6^/10

discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

ChatGPT_0.12.0_windows_x86_64.msi

Resource

win7-20240704-en

discovery persistence privilege_escalation

windows7-x64

26 signatures

150 seconds

Behavioral task

behavioral2

Sample

ChatGPT_0.12.0_windows_x86_64.msi

Resource

win10v2004-20240704-en

discovery persistence privilege_escalation

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  ChatGPT_0.12.0_windows_x86_64.msi
- Size
  
  5.7MB
- MD5
  
  847a056f92429cb7c70a6a552da0d8fc
- SHA1
  
  af0a839105e35afc69aade9423e7438483e32ad4
- SHA256
  
  ed09b660a16215844f5072e6ea4821c17dcaa3eb9e3a48e864d9428850d48973
- SHA512
  
  775782394f06b9fffdb9212e5970aaf2eedf3daaf9a5d4fc1a73723cde19692c5c82ce5f6015d6ddb3f5cde192eda5bb3539eab022f2e7720f039aa8fdfbd0fe
- SSDEEP
  
  98304:5PWu3MYRTcS4epUAOkOwJ4gnbzzZxGt0NgUh+Ugg3MioeIyzwOV1h4ucWPMcrE:NWu3MYRYe/OkzPzat0uUh+UN3hoeBwI4
Score

6^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Image File Execution Options Injection

Component Object Model Hijacking

Installer Packages

Privilege Escalation

Event Triggered Execution

Image File Execution Options Injection

Component Object Model Hijacking

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation

© 2018-2024

Terms | Privacy