a11a6e5a4339a120f1c9e6b5c9c7c702da254139dcb5e856809b7959086f011e | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Autoclicke...US.msi

windows7-x64

8

Autoclicke...US.msi

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

Autoclicker_2.0.0_x86_en-US.msi
Size

3.7MB
Sample

240814-qsgp3szblj
MD5

3231ca7759e7949c7f028b35e1c5b804
SHA1

77039469545996f7c766489fb3757ced80aec102
SHA256

a11a6e5a4339a120f1c9e6b5c9c7c702da254139dcb5e856809b7959086f011e
SHA512

fdd0ecfde68a83dc5296180935d35d649662d736d8b8c48352901d06ac80cab2e0d08dd62db95526ac3f72fc83188b3231e8a7a289c6e9e9f7a03ae954b4dd5a
SSDEEP

98304:ttiYSDgI7C/9s11mvbx4nVTMHKo8ABlmcKWdWwv8m:ttPI7C/CLmvCVTMwAf1fI

Score

8^/10

discovery execution persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

Autoclicker_2.0.0_x86_en-US.msi

Resource

win7-20240705-en

discovery execution persistence privilege_escalation

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Autoclicker_2.0.0_x86_en-US.msi

Resource

win10v2004-20240802-en

discovery execution persistence privilege_escalation

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  Autoclicker_2.0.0_x86_en-US.msi
- Size
  
  3.7MB
- MD5
  
  3231ca7759e7949c7f028b35e1c5b804
- SHA1
  
  77039469545996f7c766489fb3757ced80aec102
- SHA256
  
  a11a6e5a4339a120f1c9e6b5c9c7c702da254139dcb5e856809b7959086f011e
- SHA512
  
  fdd0ecfde68a83dc5296180935d35d649662d736d8b8c48352901d06ac80cab2e0d08dd62db95526ac3f72fc83188b3231e8a7a289c6e9e9f7a03ae954b4dd5a
- SSDEEP
  
  98304:ttiYSDgI7C/9s11mvbx4nVTMHKo8ABlmcKWdWwv8m:ttPI7C/CLmvCVTMwAf1fI
Score

8^/10

discovery execution persistence privilege_escalation
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Installer Packages

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionpersistenceprivilege_escalation

behavioral2

discoveryexecutionpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy