General

  • Target

    Install_New_theme.bat

  • Size

    600B

  • Sample

    240820-wmdzwswbne

  • MD5

    99638e3caf39bd8aac3010f291727fcd

  • SHA1

    f688f9f969ffaf78c62f17f8a8df44490b952514

  • SHA256

    a461119f4dcaca45b8438792b6daba9a83d520f47127ebb7a7ed6d68c0ac1008

  • SHA512

    638bdc5e83558daf1c3d14e1ef3669d578ce3bc0df7c4643441e00d1d334397d409bb1329f07d559f0b7de21cfee406abfde24f7bc4d3129f2cf52e53612e84f

Malware Config

Targets

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15