03e1816244c55ee12a718b263bb777a6390236a70bd53187dc8be888da1068bd | Triage

Sharing

General

Target

setup.msi
Size

32.5MB
Sample

240727-kkyqqs1blg
MD5

913dd084c6111ce99ba36a761f2b7860
SHA1

a55a20c196253cc8f7e8729b99b9ec62a7025202
SHA256

03e1816244c55ee12a718b263bb777a6390236a70bd53187dc8be888da1068bd
SHA512

1547f0f6d4fbf4b667d493018491f5ece9c37df4cfea6d75425c5711a064837eaf23946310f95bef443392f332871b8dc6fc7410d9f38de642eda5decb759f77
SSDEEP

786432:3RQHUyTDXySTjxA4Ztx2+G+N0WYQYBXPByttH+dktHEDv0y:3RQH7xVLYjsp+ikJ

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  setup.msi
- Size
  
  32.5MB
- MD5
  
  913dd084c6111ce99ba36a761f2b7860
- SHA1
  
  a55a20c196253cc8f7e8729b99b9ec62a7025202
- SHA256
  
  03e1816244c55ee12a718b263bb777a6390236a70bd53187dc8be888da1068bd
- SHA512
  
  1547f0f6d4fbf4b667d493018491f5ece9c37df4cfea6d75425c5711a064837eaf23946310f95bef443392f332871b8dc6fc7410d9f38de642eda5decb759f77
- SSDEEP
  
  786432:3RQHUyTDXySTjxA4Ztx2+G+N0WYQYBXPByttH+dktHEDv0y:3RQH7xVLYjsp+ikJ
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation