bfc56a0e6aa6fcaa013fc9bbd0a39f060e8e7ca84e5e16c1b62a99e94d4cc26c | Triage

Submit
Reports

Overview

overview

7

Static

static

3

VisualCppR...64.exe

windows11-21h2-x64

7

Resubmissions

18/08/2024, 15:24

240818-ss3nnazdrc 7

18/08/2024, 13:39

240818-qydklswbmf 3

Sharing

Copy URL Twitter E-mail

General

Target

VisualCppRedist_AIO_x86_x64.exe
Size

27.6MB
Sample

240818-ss3nnazdrc
MD5

0ed3efb716d505769ed181e19c5fe9f5
SHA1

6499c8109339ae028ab50b347f976ee283abe413
SHA256

bfc56a0e6aa6fcaa013fc9bbd0a39f060e8e7ca84e5e16c1b62a99e94d4cc26c
SHA512

48a6f84bd767ba193a0d41ca0a30d5dc1a9238d574e60526e52cfa79b9e0786c1f4a7685ffe68b0dbe1eadfe83d3d9973d8ceb5f9fb27dcdbd93aa7562fbbcba
SSDEEP

786432:cCzv71vHpA8632XRXGGhbFTJEvPCFqeGM+1lI3MC/HPo:vtpA8632XEGhbFTJ4CFiMX3MC/HPo

Score

7^/10

discovery persistence privilege_escalation

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

VisualCppRedist_AIO_x86_x64.exe

Resource

win11-20240802-en

discovery persistence privilege_escalation

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  VisualCppRedist_AIO_x86_x64.exe
- Size
  
  27.6MB
- MD5
  
  0ed3efb716d505769ed181e19c5fe9f5
- SHA1
  
  6499c8109339ae028ab50b347f976ee283abe413
- SHA256
  
  bfc56a0e6aa6fcaa013fc9bbd0a39f060e8e7ca84e5e16c1b62a99e94d4cc26c
- SHA512
  
  48a6f84bd767ba193a0d41ca0a30d5dc1a9238d574e60526e52cfa79b9e0786c1f4a7685ffe68b0dbe1eadfe83d3d9973d8ceb5f9fb27dcdbd93aa7562fbbcba
- SSDEEP
  
  786432:cCzv71vHpA8632XRXGGhbFTJEvPCFqeGM+1lI3MC/HPo:vtpA8632XEGhbFTJ4CFiMX3MC/HPo
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy