General
- Target: Windows Diagnostics.exe
- Size: 106.8MB
- Sample: 240805-n2aa9avfqm
- MD5: 6e4d314a4a60f6094cdfb71e22decbd5
- SHA1: da22ecbc03e635dd460f5c5510d1111028fe0692
- SHA256: 871542defab5303bb9611bc92e01f6a3d183807fe2480442540f50c4a36481e2
- SHA512: c0c6a00407d8ba5e5207a10355ef7ac46d2e9ccf3a09ebbbc2441f7e8f3c594bc40a7430fd92cb87029c8c8be62c018b7e47ebc947799273f97a24fc2029630f
- SSDEEP: 3145728:fCbiS6xjKcBa6R2qHO5izBVnG0iWMstB2Ox0ox3:62SWNa6HHCittieBm
Behavioral task: behavioral1
- Sample: Windows Diagnostics.exe
- Resource: win7-20240704-en

Behavioral task: behavioral2
- Sample: Windows Diagnostics.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: Windows Diagnostics.exe (size and hashes identical to the General section above)
Score: 9/10
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell (runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (1)
- Virtualization/Sandbox Evasion (1)