Overview
General
Target: wind.zip
Size: 76.1MB
Sample: 240823-q6n2bazfrl
MD5: 4aa2b25c34598686852bb68a29ba1f2a
SHA1: 439f19c37c2a2b66fff5f8db9ea66e21e3176e86
SHA256: 3e99e305c8adcbf3b1068afcc123a12d3d6c7c15f9e242aff1598e96008983ef
SHA512: 9b0ec34565f52498c9ec0edd7c8931c49dc6b970b1e7ac6396ef6ba200195dc4dcaf7fce83604dea2909f01aba162110e0ba540a302dddfab8096d418252b3c4
SSDEEP: 1572864:4/VnE+mphoLAJzEYHC8L5S9n7ThSQukcywbRWVwxIKyXn2L/fmpFK4U:cVn+Pk8q7tRp4bYVwixmupF0
Behavioral tasks
behavioral1: wind/Windinject.exe (resource win7-20240704-en)
behavioral2: wind/Windinject.exe (resource win10v2004-20240802-en)
behavioral3: wind/libcurl.dll (resource win7-20240705-en)
behavioral4: wind/libcurl.dll (resource win10v2004-20240802-en)
behavioral5: wind/pythoninstaller.bat (resource win7-20240708-en)
behavioral6: wind/pythoninstaller.bat (resource win10v2004-20240802-en)
behavioral7: wind/xxhash.dll (resource win7-20240704-en)
behavioral8: wind/xxhash.dll (resource win10v2004-20240802-en)
behavioral9: wind/zlib1.dll (resource win7-20240704-en)
behavioral10: wind/zlib1.dll (resource win10v2004-20240802-en)
behavioral11: wind/zstd.dll (resource win7-20240729-en)
behavioral12: wind/zstd.dll (resource win10v2004-20240802-en)
Malware Config
Targets

Target: wind/Windinject.exe
Size: 79.0MB
MD5: 6167f9f62a50b89b5d1d980039bbc387
SHA1: 185cee450e86be4b4b97642109bf4ecbf0411929
SHA256: 00ddd17fc113fcca57da61267e5cb8b762db0675aaf4afa7f7870c2474b39e05
SHA512: c8b881429819039a4385d0a96ed703604ed402247dd6d8229d0a0b9a267aeff4d19b21a86bf4d86a042f53eb6e232e54f82e6e621bf8a0230e0119872821b96f
SSDEEP: 1572864:XvxZQglV3mWMSk8IpG7V+VPhqCMNE7TlgHtqiYgj+h58sMwt9z81cJzi:XvxZxfWhSkB05awCMkeNE5R9zni
Score: 9/10
Signatures:
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell (runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application

Target: wind/libcurl.dll
Size: 546KB
MD5: 2024156665356070ea193498d076ea7e
SHA1: 304fd6c02e788ce55404560e88ecc45d78961d1f
SHA256: 815e4160ca9fcf4f6bf2b44b004a35cdb5988103d1204102eb7320ce2146a9bb
SHA512: dec6441fe2fe25e5c2bce8f916d58d3be2bb218f2e82d27e346bce5100caac239c484f4e10f0fdfdc152fda209b066ac04d89b62bdcbe5cfe0393734beb16962
SSDEEP: 12288:TIEuXoN7eLmPPIy/KN2nalkLPrEOkTR1VcTo/w4l8DJCLd:EEAoleL2PIyyNrlkLPG1VcTo/w4l8DJs
Score: 1/10

Target: wind/pythoninstaller.bat
Size: 1KB
MD5: dad8d6aee0ee58923d05305efda0a068
SHA1: 894682e0094c4c897805877747474e472214e92f
SHA256: f283642cc82faf6a70926ac4509cdff0a18b05949c8beb3bcbf19b5eb12b9acb
SHA512: 6b167d0752dbfacabddcf497c558190414f2d5b68bcfdf6e7244c1768b0e972a96f43bff8bac238366eef1712cb631fe37165e764424f69c5f03ad45a829b1a5
Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Event Triggered Execution: Component Object Model Hijacking (adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
- Enumerates connected drives (attempts to read the root path of hard drives other than the default C: drive)

Target: wind/xxhash.dll
Size: 45KB
MD5: fd4a9c28c2b7b7f7cae985eed789f0ce
SHA1: 44b51dd9a141f3dfcc090549e6c90071f8b55fb4
SHA256: dc354e7ea9046cadbed8645e4666975a523463500c877574f8e8306d958b7304
SHA512: b3ae3d523a1a2de93f05cfa856ac6984d444ee5180f862f0046be3acd02fb499400909449c7e47f764aea2d7d3863e42c7029b0cfc8803b79a91c9f56f3b8bc1
SSDEEP: 768:f9otvM7DZ1LMDJdj+LVvgFlJus4zBYdXK3QDV:f9UEDLMDJxKM0scCXKA
Score: 1/10

Target: wind/zlib1.dll
Size: 87KB
MD5: 46b86e47c082b3ca753e264538c6b9ba
SHA1: aafa06e387ab9eddc120de3fc0127332cdb8fe1d
SHA256: cf0bf2746b40710452df596fabd497df250f7693db652c13971aee7c69226c18
SHA512: 31a396fe4349c81067f1936b92e68b058dea5fee2faf972c3bb39d7e2c6ce48292eac5bbc5b43545e07e8aac03f299fb504bfe651b3e432b64e302c651f3d81b
SSDEEP: 1536:47wjHHWwn1rhEzjEp70E2thqlzY2qIOcIOZIelMbHi:4cjH2w1EjEpIqa24SZICMri
Score: 1/10

Target: wind/zstd.dll
Size: 639KB
MD5: 91032907f8dc67be99885b0b1169837a
SHA1: 63b6cd2442d68907ae64bdf72095ad08f0b4d00e
SHA256: ab04353fdcf07994a048ad4dbec1579436066f047fdd63d36e4e29f4b1dd6a2b
SHA512: 83ab14249829f9d98d41363a7a6b5b7be8dfda5f51a017145da7930e42cc9de2ce79a524960d115dc533343b62bfdefdce817d95d0c779687e5ee15f2347856f
SSDEEP: 12288:AlNqGONdPaszBp/I3MV4IIdsdVWoRpEn/x:AfazBpw3MV4RdsdVWoRpE
Score: 1/10
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1): Component Object Model Hijacking (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1): Component Object Model Hijacking (1)
Defense Evasion
  Hide Artifacts (2): Hidden Files and Directories (2)
  Modify Registry (1)
  Virtualization/Sandbox Evasion (1)