282731b2d3212f21d8777946823514a65eeb73e2b5edba9c15f1f101183e98e5

Sharing

Copy URL Twitter E-mail

General

Target

XP-Voices.zip
Size

43.6MB
Sample

240805-k7pfkswcph
MD5

817038b9dc896b7bfcde132482b64073
SHA1

be14d2c44c7e87f5a52858ad2ef7140d91886613
SHA256

282731b2d3212f21d8777946823514a65eeb73e2b5edba9c15f1f101183e98e5
SHA512

511a8d0ab620bb8508004856bf89bbe30428149a124e5ad84099d8dc0bdc963e4abcb32488342957f17e835dd503f6836f22be6e22fd9b5829d94fd91fa94c5b
SSDEEP

786432:SV8bot06XIgod7Obo8yIVMq1noG5BEUcwKikNOnuQuurgOuVndJczfKYKkP68urI:SmbWpXPc7ObfyIXNo3UcrNC5uurgOuV0

Score

7^/10

Malware Config

Targets

- Target
  
  XP-Voices.zip
- Size
  
  43.6MB
- MD5
  
  817038b9dc896b7bfcde132482b64073
- SHA1
  
  be14d2c44c7e87f5a52858ad2ef7140d91886613
- SHA256
  
  282731b2d3212f21d8777946823514a65eeb73e2b5edba9c15f1f101183e98e5
- SHA512
  
  511a8d0ab620bb8508004856bf89bbe30428149a124e5ad84099d8dc0bdc963e4abcb32488342957f17e835dd503f6836f22be6e22fd9b5829d94fd91fa94c5b
- SSDEEP
  
  786432:SV8bot06XIgod7Obo8yIVMq1noG5BEUcwKikNOnuQuurgOuVndJczfKYKkP68urI:SmbWpXPc7ObfyIXNo3UcrNC5uurgOuV0
Score

1^/10
behavioral1
- Target
  
  XP-Voices-x64.bat
- Size
  
  21KB
- MD5
  
  c58068989f48b131c111c0baf9b93eff
- SHA1
  
  a51883e20d2f4c69d334e586b9e10b43023c041d
- SHA256
  
  38526d430c586792550d569e96d910f88897e88f7cc40658cfb810d3d2da3f18
- SHA512
  
  91acb1730e2fc16362aa0bc0de2117275cfce318a302ec1cb499d7b5956fb6bb92eb15334c04a5e88e1a892ab9f09ec85ee5a508a5edfa41a0276e0b733fb1d0
- SSDEEP
  
  192:V3zUz5zJzGyz+zUz3zpzIz4z/zIzizZzVztzSzdzvzMT2JzJzdzBzbT2Sz9zezjA:zr+jvKrF
Score

1^/10
behavioral2
- Target
  
  XP-Voices-x86.bat
- Size
  
  10KB
- MD5
  
  2da1be8bdb772b79f853c827ac049742
- SHA1
  
  7c51a10c902126961efd36fd9878a2d73da3f4a3
- SHA256
  
  9101ae8a0c917d3c7d895ca8c440d9aa1bb49f4e08c4dc18658d7f28ee4f3b1c
- SHA512
  
  18c1c5a22299ce21a367b48dbad7b362f11c98818c1b27e430ff2725d0732d1fd6392c1752029e1e659fc714d78072549715e5dbdc1d755c87557ca05bd114b5
- SSDEEP
  
  192:UzUzlz+zIz3z/zIzAzSzdzvzMT2UzUzwzszbT2HzQzbz6z8T2zlAzFzR:kgxy
Score

1^/10
behavioral3
- Target
  
  x64/CommonProgramFiles/SpeechEngines/Microsoft/TTS/1033/spttseng.dll
- Size
  
  902KB
- MD5
  
  0a8b581a5d57752b76b1e55cdaedd1aa
- SHA1
  
  08a92b6e9a1292982c38b784bce1688b45201875
- SHA256
  
  0063622a6671b7e5235c5e1b3f4bf08d2bb02f6aa1c5cddaf6b533b90d3baac7
- SHA512
  
  645a83a4f73a5b627655fc91a8ad000fdfe90d395753eb3ffa93da4f39a77ea81a3b38dea76e3ef29010bc4ad03d3216811e792f744f2b5e7e5c1245bb1000c3
- SSDEEP
  
  6144:8Egz13FK2tkdAX+011dOoNPX1eMxqJMTByI4CR0CYBY:8Egh342/+0vdOMP0Mxqs
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral4
- Target
  
  x64/CommonProgramFiles/SpeechEngines/Microsoft/spcommon.dll
- Size
  
  106KB
- MD5
  
  d5965cd690d4f5b7a79be35d5507f585
- SHA1
  
  741aa9431c7417a90d1625b34cd0b78e4e7fa784
- SHA256
  
  a0475d7513cba997dcb16cf4a5730e9b5f595a5739c5dd8a7427b4c873695009
- SHA512
  
  22e9dd787c4006b8a32a1f1977bb28625d72d1c73592acadf34aa74c1e6f79ea7556eadbae1e073fba4122ab98d8464f51069a3946742039d353cb7f2bc69924
- SSDEEP
  
  1536:76QQirIRAzZ4UsgoWw6Co9MaQL4jrB7LL5uqaSS5Wm7b0:76Qr0aZtsg6TJ8jrB7LL5bgWm7
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral5
- Target
  
  x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS/1033/spttseng.dll
- Size
  
  772KB
- MD5
  
  693db834654acf6c3e02ff87b4f2365c
- SHA1
  
  c50987dc6b39bab4a4e2bd3438d9e80012ab8fc6
- SHA256
  
  b1af0f4adff2c221f128dcfe1d47b89bebda1a8a4fc8e7614e9faca16e66831e
- SHA512
  
  333a38e3acb85894e52266bdde3d3ee5034f16530986fab2a711dd4a06fa02f5a58303ee238324013514f3beca9622b14d1416e368906c47bb76db19286e931f
- SSDEEP
  
  3072:x29NGgpRtgjyaBZGU9Ag0FuShoEPreHa3VrUKaEUZD635jiZ7IjKqjVF9nKuOKNf:PAOUPS6lrUKa25oHiF0wIRYB
Score

3^/10

discovery
behavioral6
- Target
  
  x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/MSTTSCommon.dll
- Size
  
  34KB
- MD5
  
  4a79cf0929c165593477776e638123d1
- SHA1
  
  06fe06e0e00fd37530fd04c2d38f83d2512ad07c
- SHA256
  
  91eb82539eb153e40d4e33fae3ca6bee3caa4fa112c29d134fb5f122f490bc14
- SHA512
  
  81df3fff14585cabc0f2cf382d8f5d6591105fdcf976e90380fbf420c8a3f753f45b12a3bc4b6928407b1bb85e993392c9be26ce7a937ed233712c22381a4401
- SSDEEP
  
  768:pMQTdXYKiZQxPJUL5UzNK/xgbVRuKwNBY5tCJH+Xf/q8R:p1BIKiKzUL5UUZg3u7NJx0f7R
Score

3^/10

discovery
behavioral7
- Target
  
  x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/MSTTSDecWrp.dll
- Size
  
  46KB
- MD5
  
  e3b9d8cc54bff6e294b17ad199ff2edc
- SHA1
  
  4497ac09431957690d5af38c88253d3d971c4d1c
- SHA256
  
  0c316510a86f2988f624093f6223e1ea7981cb9a549695fcff2bdd6c2ebaf489
- SHA512
  
  15fc1b23a814650a9422e84fc7aa93b34209565d5541502fc9d568b39546ca872781e0298e24fb69b4379388137b6b9ca6c620c568a916926ad4ce4ff19d0638
- SSDEEP
  
  768:HOt2sRDQBCyXiFpVTxTPZXrWSbScu3sxMMvdLkzuUQoopc8AkssmDCh5:HOUwD9yXiFHTxjZ7WESbmkSUbopCkssz
Score

3^/10

discovery
behavioral8
- Target
  
  x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/MSTTSEngine.dll
- Size
  
  147KB
- MD5
  
  8add058f5bddd785b13a4af1dd3cdb96
- SHA1
  
  c3ff7fa97ed14bcf44e552760d70981deada2555
- SHA256
  
  12641a4a285fb99f6a0165063581459c55badc26234bb83de440146b81fbf977
- SHA512
  
  4c1b49ab230ca0afbfcae1b90ee265ab7cbb3420f7f1e293400103258b45515ec695e0cff0f34b7564cfc897cb07390484518707308586c2f7784ff517169168
- SSDEEP
  
  3072:73LvwK4puqJqZq+HaZ57RJXfLwfV9t6YoXjKmkRLlxwIL:rrwK4fqZqwgjZE16YAjKXLl2I
Score

3^/10

discovery
behavioral9
- Target
  
  x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/MSTTSLoc.dll
- Size
  
  8KB
- MD5
  
  9e892a21be5c9af414f1878b78eb344f
- SHA1
  
  8e80c00f0f34096665c4b2c730effb186931f3c6
- SHA256
  
  825c4cf167308f691d29375fe6a09dc2500e307021b103a1c6fe8410e0dc461b
- SHA512
  
  6ecdf337881a9281bdabafdbbe530f15e3a7c1ece99aede6dd9178b19664aef0b1d223b91b3023145c61013aa136d3ce44ced58fcd45b95fae966d74ac7264ea
- SSDEEP
  
  192:/ziBmWgMIUA8VNZ9LaVT65WaT4vC0WyT:LicrUA+NrLaVYWaT4vC0W
Score

3^/10

discovery
behavioral10
- Target
  
  x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/en-US/MSTTSFrontendENU.dll
- Size
  
  268KB
- MD5
  
  70e764e0ac98ce3ded9eaab2a93716f5
- SHA1
  
  a44f451ca7cb5c70b8949956cfc76dfb65d604a7
- SHA256
  
  4dc0c318603eddd69afac477b189ce51be8be7a767dd34cf70a29cb5f9a8891b
- SHA512
  
  756582c669fd8ca28051ce5f7c813a46b6a0e9db74ea915ba47bd6bcfe0113058ac44d73af2ca64235125c007c2ebfc56d2282cb39c68ddfaa7e79d5d015dc21
- SSDEEP
  
  3072:sRs7uyofuFWkjNi0ugCUFkhxP8m8ZfDfisNzyzgHgrKsh/tf3BAQuvsHUu3lI+v2:ssNBQidTQ1BAQu4UuO9qFxH7jEpGF
Score

3^/10

discovery
behavioral11
- Target
  
  x86/CommonProgramFiles/SpeechEngines/Microsoft/TTS20/en-US/MSTTSLoc.dll.mui
- Size
  
  2KB
- MD5
  
  cf76715eff7fd7aa8630e519a07fa840
- SHA1
  
  faf5462fd98dc87926d31787f34d744c1db5e338
- SHA256
  
  4382ed166a4d4b7d8bdbb6d363d46b16af87cdcb81d32f00ed0524638118d948
- SHA512
  
  a8a36b2ad52a5e98678b57b20ba3545a8bf5c3a7ad24b6f8770e8968fe5984a03b1bff8c1422fc1a8b241455e11bb8025ecff64ca87e37e4610f2f7d95ce4f72
Score

1^/10
behavioral12
- Target
  
  x86/CommonProgramFiles/SpeechEngines/Microsoft/spcommon.dll
- Size
  
  92KB
- MD5
  
  8885a4a9e7c66aa127629e696dedba15
- SHA1
  
  e7056c88739408c1ea84fdefd86b682115ec182f
- SHA256
  
  c07dc6ad049292318d2f3195416da1007a2fb7dbe8320bbec7ab821712b27d04
- SHA512
  
  04ec73e7f2f30b3bf5f898c76321163546bfedf29f8cbf7aa8d6c3327af64436565ac605c0becd97ae74f7f0c349b60c451b17b3d64835df7d1b9e74dcc0cf75
- SSDEEP
  
  1536:ds5vWqaR2IMM1yOcDfnDws+HfAEtTAY7bzu:dyhIMM1iDfDatTAY7/
Score

3^/10

discovery
behavioral13

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Event Triggered Execution: Component Object Model Hijacking

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13