Overview

overview

8

Static

static

1

setup/PhysxExt.dll

windows7-x64

3

setup/PhysxExt.dll

windows10-2004-x64

3

setup/setup.exe

windows7-x64

1

setup/setup.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    setup.zip

  • Size

    16.2MB

  • Sample

    240822-3dwa5swalm

  • MD5

    1187a739e304b94b807c0f2247413263

  • SHA1

    9245b1cf3a8b9abbe382c8fdd7daf171199e5e79

  • SHA256

    537e78dec3b2ab5f838beebab29bfb6982852035bf773d0d36f4658f1e05f13c

  • SHA512

    93cba92720412eac7dc1504cde482e1cc8237506323e1c94e7233c9c9a3303be4605eb69e5efe1e00bd7f16b889fdd63db233496090ad9d2e7826232e0826ee8

  • SSDEEP

    393216:Qvid3uiOcE+/5Hm38C1F0XdDm19YyvcoWkafe75CIHL667n5MFSNN4ObMoeoZ6:Qa3j9m3tUdDLyvcoWkaMa67n5ci4OQoy

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      setup/PhysxExt.dll

    • Size

      2.9MB

    • MD5

      6ff985653d41e8d60bb1293f01729adf

    • SHA1

      1ae3086a16a91ea45c06d34071d8b3b87e058804

    • SHA256

      224ba9fe747ed7266a392961586db8a716553b85760fe3083e6d345034868d8f

    • SHA512

      fd47a81000dcd98adc03d1f45a172c19b2e8aa3c8f13338bda0b00407f7b81b52e0fa9be3f9ef87fb1303231225e83b9dd8c39a0777ee56ccd54abc52d095b87

    • SSDEEP

      24576:fZJJSVBjkvvhwVxKKpQgRQ8sUOwDUsHeHfcKtaPRO/o5o4Z/5rLyv+Fe:xJegvvhTKTRcPDqho4F5rLyW4

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      setup/setup.exe

    • Size

      54.0MB

    • MD5

      570542b68cc4911fe23f6733d5220a93

    • SHA1

      d2a596524bf21114693162b87adfc9b53f4856f6

    • SHA256

      f450a8207ba24b22862674510af69477fa0a81c664321346c05f5a327e1810f6

    • SHA512

      f0eccfe222114e0bbe90f06761c9dec4c7e1761064695f1d0d5746538fc2609763d90da03e50ad1618161f421b2402d7ea7112bb2694468d9e5730867e2c9be0

    • SSDEEP

      196608:HN1yhBql3CX29rXuSGQVMet9pZFuPlWRHXD8Z9DoZW8edTfzC0Wzy4XKONKG0:HyhBU1HGQVBnpSPCXKX8edTfG0x6x0

    Score
    8/10
    discoverypersistenceprivilege_escalation

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks