b9af69ac821a649f211c99e3edf32a76a213e9450b5e972a6cdda5758af530dd

Target

Application Files - system32.zip
Size

200.3MB
Sample

240823-c17dta1cpd
MD5

9e13c0126b7f608956f951212b77efdb
SHA1

7c486a0f69ad4f21be45954df7bdc2f4ce9b0dad
SHA256

b9af69ac821a649f211c99e3edf32a76a213e9450b5e972a6cdda5758af530dd
SHA512

15b133823bf17179d3f806893480c77082d8a6442d885cfd5f1c77d8fdd476cafe63201fa030d60dbc812d9c9be8e8db71d83a714a4c40d8f59dbf28b9528ab5
SSDEEP

6291456:nENHZIGVuWulErUOn39qvc00IYv6EbEJY7CqQubcGX:qZRulE54vcbv6tluQGX

Score

7^/10

Malware Config

Targets

- Target
  
  CloudNotifications.exe
- Size
  
  106KB
- MD5
  
  5b7cbe876830810f87653965a5707c06
- SHA1
  
  240572965dd1049eb091a9f83ddf47c879c5594f
- SHA256
  
  c0341fbecd0c57f8d5335b13fee85c878494bce5a11032b18f521ac2070d7534
- SHA512
  
  84d34fcf9f13afd3ccde1bec6d8c274ccf317b7712fd07737f57d16c887c77223323b8e6a4e0092321734a18502858d078665a0c52fc0b4771e30c99d970ce17
- SSDEEP
  
  3072:w3LXHNBclBqBkkbsEA+Ei2j0iZuoHAjoE6pd:wbXHTcHqBkkbspgiZRHNX
Score

1^/10
behavioral1
- Target
  
  CompMgmtLauncher.exe
- Size
  
  112KB
- MD5
  
  9b338bbc0ca0db9dd4b46048043d4e30
- SHA1
  
  71ebbe2dc095a2fed76797d5fe1d79418261d813
- SHA256
  
  7002d90d2beadfe0607062f253a8ad9ff8d941e556e75eda61ce88b2eea7db31
- SHA512
  
  b82492cc5e66e136644a14418b3d4b6315619303dafe37530e8ed817680e3cc60270fc9d3a01fc1e7c9af7dd42eeb44c95687ca0b77d584075dc414eaf691de6
- SSDEEP
  
  1536:E+95/l3GrFooVWgYMHZAW9PJo65ddiIr+KlOo+vi6Uf:Bl3OocWgLHZA3ad43Kco+Q
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral2
- Target
  
  CompPkgSrv.exe
- Size
  
  144KB
- MD5
  
  d07e65dd67b1d3f75009b30ead1df5e4
- SHA1
  
  ab9ead4d0d6d4217c0df6213571fc40e636560f3
- SHA256
  
  1a2890f9dbfbf8bce6c39f27149aa8b0381edfec1e795b3b8a961591ad1039e2
- SHA512
  
  4f8561c377a2d49899a1d3be55857682e197bae8c2b088c9ba6982a4ca2bb509ee7fc1b087391380f647a23b0b2ae9a4ec9cf11c2a594f5b92d8f59a8b70b238
- SSDEEP
  
  3072:dGw3YYapzNbCmRhpn6gVRvSClnCKmtgGLRt+KmDky78FElY4:g4YYa/bTRhpn6CRvSClCKNYbjXEl
Score

1^/10
behavioral3
- Target
  
  CompatTelRunner.exe
- Size
  
  301KB
- MD5
  
  e4ba35943fd93e64c91a7a09aea25ca3
- SHA1
  
  d77db05850b85a550e115250beb66a4171367112
- SHA256
  
  37924573b9795302f70b70727c54de6f53e28398bb2a3cefb6253dead0b458e2
- SHA512
  
  05e0ca415acb096d2f3c011f715eceb153f1e1ac9171a0589bbb56af1267f4e8c4cba4b4f40b6c6c362eb9fe1b78b16c2d6a016cba2676d0321b4b3b3a375077
- SSDEEP
  
  6144:FPEP1e3+JbSoZsuyUux8gYZNCpnXmukySXM/f:FMPA3cbS9uyUS8gY6pWLM/f
Score

1^/10
behavioral4
- Target
  
  ComputerDefaults.exe
- Size
  
  68KB
- MD5
  
  5c74f259f1e70356514b27eb518b8901
- SHA1
  
  c3e28513e92c7a9707046061d1808fa7a32948a8
- SHA256
  
  274aa1b7c137d52383e493e85e87dd8545beda2c465b251132f1f708b6d6cb50
- SHA512
  
  af69bae5d7802352aed4a4914ecd29aa9457aaab7d168a081dd291542a8b435f404acea85534a033c7a2f56f1e981a311014247ca2b78ff5fd75b3921b55a44c
- SSDEEP
  
  1536:CxR0J/hnOscbeUiyZURDoq4OZZZLlCIibC:rhIbFPWRD68wbC
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5
- Target
  
  CredentialEnrollmentManager.exe
- Size
  
  413KB
- MD5
  
  42e4628059007630253ce44ac8a88642
- SHA1
  
  b47a28236514eda16ef13f760e88d034663f5f4d
- SHA256
  
  471e237750efca7f757c24626aa6fed40424693e7e1e6582366a875606404058
- SHA512
  
  07a94ec8562ff9c03e6e270b7464f30a51ba13127cf6049bd9eff6247c5e3311da240ace6dc7e4e5c64fcaee4bbb81973c664cd513aa9928bc8395ac16cdb1e9
- SSDEEP
  
  12288:ABglBpDBQnoRlDYEQLXjCJvZVgAQDqMOlR1xQwG/D+:llDD+oRtYnLXjIvZVgAQD6GK
Score

1^/10
behavioral6
- Target
  
  CredentialUIBroker.exe
- Size
  
  170KB
- MD5
  
  eacf2b6cd69fb5460b702fe4a587329a
- SHA1
  
  18c924450da9602fc0a07b1fb984adb0d0c24d62
- SHA256
  
  32b12e46f781c33fc1329600222ce41f7cda89bb79ae308956c571174c9ff157
- SHA512
  
  c23f829bc118addc1e4c73895dc4a5a61d28dcdd71c02bb1116edc0dcd737b0f0dfce9be373d957b8a55cc9674c9548a36fd25fc2c085d4e3da023941fc266de
- SSDEEP
  
  3072:PhnvdMJSLiZ/oJMiQg1rejle5duQUoHDYporn5vqUbFPpzKA:P1dMJSLiZoJMiQg1ycduQUgD0oprb9t
Score

1^/10
behavioral7
- Target
  
  CustomInstallExec.exe
- Size
  
  156KB
- MD5
  
  ec889b609cde359979862f192c2bd994
- SHA1
  
  e07dffdfe7911e2a9638dc04c6a6b6ee24e7e3a9
- SHA256
  
  d6816ff0f929ef1f298ed1d0a1579fc3c5ccf92ace4fe0b2b87cbc89c61d89be
- SHA512
  
  c279c7194185d9b8af8a5112a19a8c78f116024ed532dba38e5f6cf2c7ca4cbaca927460985a6263c83421d1f7b4275723f11ac07b492b7f9096434cb43018f2
- SSDEEP
  
  1536:ZO9U4YjVqhzIRZx3F1fYE8tGwfmhGzrB6mowDiybS7q8/HVmnlc7DR/S33N:c9htyLVzwzrBZowDiySp10ODR/
Score

1^/10
behavioral8
- Target
  
  DFDWiz.exe
- Size
  
  72KB
- MD5
  
  a6e3cba5d22776f545d290fa7e1c25fa
- SHA1
  
  9f7d66cf27b30a9928d072d053d4ede2c7483b39
- SHA256
  
  1324bde18fcd29a46035896fb07cb99cd484cba396d5d062dd5e6f7ca4f7bff3
- SHA512
  
  de1a104ef93286a9b783fb0f65ba63a142f651295f4b9e3af93848e1e1b7bc37e7231ece791d9737ce3ccae024e8a0ffebb1b4c6705a0c19f5dd123a1804b476
- SSDEEP
  
  768:/qiFP6RvgtFKSTBaS9dPjDUpBVH7YpAZVlJ2AIq/Ne4hiiCmT7iKi0Pe840XJ5ZN:/q4NrvUZ7YpiH88PF+0Pe84055N
Score

1^/10
behavioral9
- Target
  
  DWWIN.EXE
- Size
  
  252KB
- MD5
  
  ec6a884a51e516992d6c3b399b67f1af
- SHA1
  
  c39741c40d746784e2f4f642eb8aba8a633f2dbb
- SHA256
  
  a0bd3cd8a0b154db218cc4d4a2f536a184d1c75c2aa9cc1d6362cf51ca36795b
- SHA512
  
  f20fb83e83a0fd30dc8d46db033eafb008e2c6a52f720185bdc4b5ec33591321de835b18e742de7b3b48a2155f176430b78903cdc62b38b153957b6a7563a76d
- SSDEEP
  
  6144:MFe4I7MQTyao6eVZWBqXydWrroqayt+zC:l4Yyao3VZ2qsqayJ
Score

1^/10
behavioral10
- Target
  
  DataExchangeHost.exe
- Size
  
  297KB
- MD5
  
  bf8178e7fa584712fed2644b72c567c4
- SHA1
  
  bfcb3befa2b41ba9055923bfb6802d464acb248b
- SHA256
  
  4dcd2c16e2304437333d94f86d7f8c4b8af0635b1e64e6c11893792d6209a01b
- SHA512
  
  1c9af4feb5eb157b5726a9a50071bb9ce36f45635712f8cb9cdb931fb227d95754d7cdcba9f213bae66aac28f50e8554179ccfa9b9a5e52b0c5890ec762b607b
- SSDEEP
  
  6144:PUJuTE/LFpWlSnVgXm/GXUnyynCoZxwuUK87RRfEqvtDm8:auTE/LFpWlSnVg2nnkH
Score

1^/10
behavioral11
- Target
  
  DataStoreCacheDumpTool.exe
- Size
  
  184KB
- MD5
  
  7466b830282414c263fc82b457215f7a
- SHA1
  
  d45e92d83353778a3b81467f494aea6b3f207a03
- SHA256
  
  b338f496edc316f21b057aa342664e89a9990e5dbd133823352fbaeb4d3470c1
- SHA512
  
  2227e19baa2952e129b9ff87b6e6b85c3ab43fb405f1139ef33f364dd701f285cbed4fe38d12cb8963985d6fa19618e97683ef1740d57fb76428c8a7ee08814f
- SSDEEP
  
  3072:iipNUsantTfsIzSY9QSvCn8/isLpFvehRxTh9j:iiwsanNhN1jsh9
Score

1^/10
behavioral12
- Target
  
  Defrag.exe
- Size
  
  240KB
- MD5
  
  662ba4db4d348d5152ebc73f12a7ab49
- SHA1
  
  b70099ce5945540ebb63603a5c3d328e58047034
- SHA256
  
  edf1fbb7770d5d8e4daaf40ac72a4fac4cb5983d076cfe413e29786e59123953
- SHA512
  
  0b2a59547e6eee3928b5cffc8c1fbaa234024d17655f187d600c70ed86bcc1f335c6a6f1c7710b17d4a2f89a76d85e036ae4b76e3d12b795ecbbaac284608af8
- SSDEEP
  
  6144:HnLPK/hxnzVq8jbYl3lRGOUZGKc4YFnwjCpW:Hn+JxnzVBA3lRkRc4YFwjsW
Score

1^/10
behavioral13
- Target
  
  DeviceCensus.exe
- Size
  
  157KB
- MD5
  
  27835fa47abe09864cab3b6f1d7b9a6f
- SHA1
  
  1c3cac9053b32a5938c6b3670730d7f8e72d1524
- SHA256
  
  30616fa75dbafcf9c128339a193cc0780184595adfbb6391e07d1ca2106a866a
- SHA512
  
  d86cfa5dbba581e5053bebfe9bb795460c0bd1e97bf67b521d9a36848b38aa6fd5992687c4514e86f42b899d3b1c356864920e7ba42d99b1133bdcaf738040ae
- SSDEEP
  
  3072:UB3mE3/KpObue23aE/W5GqpygE+pD9gD6mEgQ37JI6NBMhd:UB3mE3yp8ue5sCqK37tYX
Score

6^/10
- Checks for any installed AV software in registry
behavioral14
- Target
  
  DeviceCredentialDeployment.exe
- Size
  
  116KB
- MD5
  
  81c0f7426569bed3e1b8c55418e2b930
- SHA1
  
  467dc5e2f4e7bd81e5fbdd84cdae1ce349c44469
- SHA256
  
  07233106f7111f2b453c3a20c57c3ffcf20878ac0777efc516439d9e3fccba02
- SHA512
  
  913177a8f78df57b15f8b2ff073064705cbbfa5a3ebe52154c6cd6edc239449aec14c5e05dac82c439f9a48102a7cbd7a05de2509f80922a0b07c476d26cecc0
- SSDEEP
  
  1536:VHRqxNXJlKh2djU901eJoE+HXqKqfU6487a3BPZTjgPQrV5VkIAgtFUh:joSsdjd7lH6zfEFR2IrVLkjgPUh
Score

1^/10
behavioral15
- Target
  
  DeviceEject.exe
- Size
  
  44KB
- MD5
  
  b041f384fb8d7947eefa8f2a5f761d28
- SHA1
  
  24235ed214bb8d2de28368d368963b8ab63f396b
- SHA256
  
  5ffe4624961183181936b5c8dcddd0bf998c30224a8054c51931dd2b5118365f
- SHA512
  
  10c21374791db99d54e7171c1d2f6b998180180b06c28eb0b4ac427ed3583594fd462b8f964bc61c23c87f8c5e233b266438b8b1cc7ff789b634d0baf138ff52
- SSDEEP
  
  384:/HIa/EHMNNMhZdGOXmQ1OTQWSwW5JY0ehA/9gnl0:/HkINMhZdGq1OUbJYQ/9gnl0
Score

1^/10
behavioral16
- Target
  
  DeviceEnroller.exe
- Size
  
  516KB
- MD5
  
  4098c104200d26338b5433cd0a445910
- SHA1
  
  fd6c8017689cb398295162908960a008172a94e3
- SHA256
  
  2f4f3e89013bea723cdd764ed52574f43c44a2a9a754cbea3dfaeaf2d0d65869
- SHA512
  
  0cc7d084f7994adb7cb95cdff5f067f7b4d231c8b151b936ece8dafdb0310e39d5f1bb912bccf4776d17aabc724d9400117623bc14ae5acbd4c18e6d13aa211a
- SSDEEP
  
  12288:QHe1tKpI/xDFFObniB6yVSVLITwNj6F9VQ:QaKwxDFFObnizcxNGF3Q
Score

1^/10
behavioral17
- Target
  
  DevicePairingWizard.exe
- Size
  
  116KB
- MD5
  
  aa1c734522b7ccd3a188b59602f02b12
- SHA1
  
  55cd7686b2a79c9a780c285296a1f496d5948734
- SHA256
  
  f12132b0c6f04210fab24d4540a1900786457102c4942edf4cd2518f567fd17a
- SHA512
  
  4adff9c33f3040cd252d4d9ae38350b3bb07fd5e3618de789dbf564223638a873c13c89a8239df05bb21e310a424eb43d557a8d8309fa8c3cffb94d1ee86c020
- SSDEEP
  
  1536:flsCEuizrhXR4KwLdH9jBsUy3g9UryFraqZ3qOTZ:C1JDQ9jBsUywGGFreoZ
Score

1^/10
behavioral18
- Target
  
  DeviceProperties.exe
- Size
  
  108KB
- MD5
  
  430ce68aca39260a79167f02763d157e
- SHA1
  
  b79eacf2e76fa7f333cccc423ce1c6bacc8298ba
- SHA256
  
  8d5a76c61a7026e5954ef1592ddf0aeafcf189e8ab878e55b51ab335975ba93d
- SHA512
  
  32a63e845bf20175cf9b7117034d5c5aaf2ae9ea65912e5bb212b9faac56a66d065bb9e084ee30b5d7dc4c4034b4d2ab3227eb6a43d9a1bd917ad948f2f19038
- SSDEEP
  
  1536:Lv6TfT2y5nNWLJpBpTybQ74i6u0dw9Wegi85mChdlzwCxi65H:LC7T55NOFpTyIcuz9WzF4Chdlzri69
Score

1^/10
behavioral19
- Target
  
  DiskSnapshot.exe
- Size
  
  92KB
- MD5
  
  d2ae980905d6f4da5095fdc4fbd04bc9
- SHA1
  
  0a3784f9c4b3b3b6431bcddb6ad5ec659ffb0ea3
- SHA256
  
  fa7c499b2eef78d5c931af65bf0f273f7b03848641f057c0cbefaf6444354ba9
- SHA512
  
  792a4f7d73eced082b5bf32a7182e2caf20d3c90847c4e6eff519a6a3d48db8e8bd3171849b9db77969c0f618762ce0d2d4db8156daa772442454c1724c414de
- SSDEEP
  
  768:cOvhh8e58vMkPPBtwymTZ38yLg3RtWOOcNuwlQxU66sKW1LKrHaHpHB772+oieOk:nhiEkP4B32rNNLQxU67M+oSZV6XRZzh
Score

1^/10
behavioral20
- Target
  
  Dism.exe
- Size
  
  329KB
- MD5
  
  e160817525826c96ea598e39629359d5
- SHA1
  
  e0dc88fdd83381da191de9a1b84b4603c8f10138
- SHA256
  
  f359cda69305a818bf8434e8ade0e9a7bad5ad4a07bf08f2432f80a85899ca91
- SHA512
  
  e31498f71dd6ccf206cd7697b87821a837ed597bcbf101107577c1c15cf339a96f1bd2d93080426439f0ef3ae045ef8f5bee871dfc149368e1483fae58926717
- SSDEEP
  
  6144:HRapj61OlCJqyOjAgEHj+WNRBQ8DlW2CWkr:gj6oI5yARvxI2P
Score

1^/10
behavioral21
- Target
  
  DisplaySwitch.exe
- Size
  
  1.8MB
- MD5
  
  2618d4df8df1edc121f545f88a73ba96
- SHA1
  
  2beef104d2bd905d42664e7f12f7cd44a16dbad5
- SHA256
  
  68bf50a2e98f4f8f492dc2a20977e6246157590d47499b7858129f9b143c3b6f
- SHA512
  
  608b1d55d6de72ae8bd3b18b0e2b51a250cafa9288a123d0f738c281e674302aaee7225a9755440d5ad3823debee6db903980c37789fb6b40db8896a1400e7dd
- SSDEEP
  
  3072:yKqaKOfUBQ1WvKRz6sXKKMqYi11gPvkYM15uSf/N1:yKqaDDQKRHXHMqfss5j
Score

3^/10

persistence privilege_escalation
behavioral22
- Target
  
  DmNotificationBroker.exe
- Size
  
  52KB
- MD5
  
  e3902a3359ba87dd11911b7f4a153de1
- SHA1
  
  4b1b35c4a8c37d0ed1524645199aecdfa7c3c06e
- SHA256
  
  a656ad4672d73cc5f8af26a02d773c5f034c69603888841190c4c74075229e58
- SHA512
  
  872be1094d14d80d856a9b74c595c28181cc4feea8f87bab7fd4b0c2b060b005479a7166b93750ad1c073d9824d6e058f7c2223b4aba75c0cfa0c889af78bf34
- SSDEEP
  
  768:+lREf84WcyGvnKj56qI/JT4WgAJl0/Yw6VQitj/q+nMuf3DB:Zf84VyNj56qI/JT4WgAJ+/YwOtj/NB
Score

1^/10
behavioral23
- Target
  
  DmOmaCpMo.exe
- Size
  
  56KB
- MD5
  
  8da9fee572f4bc5fe56219b64dbd5fc6
- SHA1
  
  cdf1b2eaef01c6b2a6fbac94d3d862c2f13c201b
- SHA256
  
  66e66569c99f44f1c0012a5932a25e972c3ac5952363fd8592894b3051038ad8
- SHA512
  
  df4d98afcf54e79aa2a4b168aa238608bce5ff3809af837717a91288a7ab76b5675317c3019fcaa80ea0042dd8fcdffc1fddd39a94380ca8b0a1d032aeab3081
- SSDEEP
  
  1536:s4ovpoqpRcrEcmi8ymDX1+iaAZOkBVf7K7v:sgqpCrEqXiBVf+D
Score

1^/10
behavioral24
- Target
  
  DpiScaling.exe
- Size
  
  96KB
- MD5
  
  537fda831efa1c92c558cf0f729b997f
- SHA1
  
  a2d8fb30770b8da9530e44fafe8c0bba4c88119a
- SHA256
  
  3e93f8e489c86e23aafd31a09b8fbe85eeb751c15cafe3a348af96c9d34355e2
- SHA512
  
  b035f8536516675af36ebf17abc9f92f4af8e9684562a6901535f1680486d9d1f5386f8ad3254c7b623ae6c48a22115726856c2cc60e29fa2013969cbc28d5cc
- SSDEEP
  
  1536:XvRO0Z491OwxgwYfPSqlGv+BNXNvuZS36EDtAZ7jz6dTdMQiMtYwJjk:U+eOwNMSqoKXNvuZAFDqXzlzQI
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral25
- Target
  
  DsmUserTask.exe
- Size
  
  52KB
- MD5
  
  3edd5d6cd014f1e30aa2519e7126368e
- SHA1
  
  14864e586920f434cbcf849d29f75e600a3486fc
- SHA256
  
  37d5e7f4973b97cf7393a3a837c5c128698589f9b98216062e8eb4cdcf711fd0
- SHA512
  
  fb14df17ccb2f9cfff3988f3ae16c59518debcb5df7a79a159647a4981cc78976b58f07a48524d37f76408a3210c1ebfbdd58010afedfb58f197ea4731d06b2c
- SSDEEP
  
  768:KZApePxXh4vTHBLhtiMavhrDzaNbAcvgSYCSpgHUxjPml:JeXh6THBLivhr/qVHUV0
Score

1^/10
behavioral26
- Target
  
  Dxpserver.exe
- Size
  
  320KB
- MD5
  
  94cff8771cfb016e2443e33678cbf113
- SHA1
  
  ebea421f20d8ae61d3b834011494e312a1bfcfdf
- SHA256
  
  b4e13c3da352bf0681a540ce234ea0c3be3261bce312ef240977cd9bad0b9fdb
- SHA512
  
  e30f7a6d31662f75f9cfcaa205472ee2121178a03662a6cfd615055f8288a08bd458332bba09d6919a860aafbad2e7acbd549cf8955a59ac4865f84a77d23522
- SSDEEP
  
  6144:JTJtm76Ahb5t4eWns0PGrOYm6qy+liIZ1x+xrVFZqHfzpDmP1CfSyOdo5i+lClId:hLm76Mb5t4rs0PGrOYm6qy+IIZ1x+xrC
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral27
- Target
  
  EASPolicyManagerBrokerHost.exe
- Size
  
  92KB
- MD5
  
  7dff07172132d230b7f52aa562001a2e
- SHA1
  
  440863ef579dfa7c5ee1a9e2a8229b3792a73cf5
- SHA256
  
  547f491a39b181f3d4d4a04a97c193dbb7b1c6011236771b2f70310803054c2c
- SHA512
  
  663bfdb21345a6446676d38fa891672cb9d31f9489afeec1bdd62609cf1ef4346330d2c614a9c4f15b6e578f04c39e86ed04fff4fa2f2487458717498a9c0634
- SSDEEP
  
  1536:1BWgq/hngDucetsmUkSx9xP8OBPxCKuEXikr:1M+DuceckSLx/BPIKdya
Score

1^/10
behavioral28
- Target
  
  EDPCleanup.exe
- Size
  
  164KB
- MD5
  
  8f2f2eee36d3565855b86591633da23e
- SHA1
  
  43d480b32657a9fdf88be556fce969eeaf4a7c54
- SHA256
  
  9aba665b1b80dfd517234e01e4d20f5c98d5eb5d5406aeb8a8bb9e13912482f4
- SHA512
  
  6db848ff4dd014a1227f5608d1b51a5b8f275ab60ce74565cbd89cc421ba875f403374231a4dfe73e8e0dfc529811e4c551126a37b883c1d22883f2c790c8eda
- SSDEEP
  
  3072:Xs05PI4VUhW10XJIEGtdAMnBTh2NaYDHM:805VUhW1057Gtznxh2NaYD
Score

1^/10
behavioral29
- Target
  
  ELANFPService.exe
- Size
  
  213KB
- MD5
  
  688dc9ca3c179f1aa7f0e8f98688d0ff
- SHA1
  
  14f99ed116bf93b5cb791d0c51432735c52d5b09
- SHA256
  
  e97e463583e23082d6d308423433dccf28e9e7f5489372c46b227cfaa2a90a4b
- SHA512
  
  74d475386f772952f59c8d36824165f6d3a062822e345afe83fa106a93327208f9a3d2443b1937894d33d95613f3be823d316156676facc7c117fc9ddcebfedf
- SSDEEP
  
  3072:Zlt+u0u6MkE9qOUKOhTSIdTQIx4k387N8QMv2yzocQLCbnXqBuUGfNEcrkKyaLU/:Zlwu0uY0q1s5e4kLUON7ro
Score

1^/10
behavioral30 behavioral31
- Target
  
  Eap3Host.exe
- Size
  
  36KB
- MD5
  
  47f2341aef836b0210b025f09ace0bb2
- SHA1
  
  350dda9d8ca8ebef57cd5318b1ca419f0c8fdb33
- SHA256
  
  ef30cbb6dcbda516523b2186475e37528220754649dbf94fe4d5f06ad74db962
- SHA512
  
  bb997b59f695faf8c8ae081c22012384caf22762d852785032f8a81851321ab4696f56f665a3d1848caf062c4d6d762824225aa763817de1b7d4b5199619a751
- SSDEEP
  
  384:RR63OBq9yGHtcPhuldJuUug8mJ+UHn0O8frka5W+aW2:RUS+LJFugvIDO8frkav
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Drops file in System32 directory

Checks computer location settings

Checks for any installed AV software in registry

Checks computer location settings

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32