General

  • Target

    Windows 7 IconPack By 2013Windows8.1.exe

  • Size

    15.2MB

  • Sample

    240816-qpk84awhpf

  • MD5

    d54c644994f501358b6074a0ce2f331b

  • SHA1

    863d56e70d675eab6e83909fb587ad9e802bcce2

  • SHA256

    24a7869b1b222cc2eae561421b7f0c83048ca4c157d44718102a3e674a412e99

  • SHA512

    404910ea4caad2d05d9a2292b62d46355d98fb9c9577c4fc5838c6507deb84aabde02ec6557fa36d25ce4829322ef8da315f2573268117da07490bee49f51d7a

  • SSDEEP

    393216:sCBY2ekC/ialj+VaCVeNnCrPYFjvnfIlclildwvki/rsJwN1N:p7+iat+4CkNCEF7fIlldwPrsaTN

Malware Config

Targets

    • Target

      Windows 7 IconPack By 2013Windows8.1.exe

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks