Overview
overview, score 8
Static
static, score 3
MDMAgent.exe, windows10-2004-x64, score 1
MDMAppInstaller.exe, windows10-2004-x64, score 1
MRINFO.exe, windows10-2004-x64, score 1
MRT.exe, windows10-2004-x64, score 7
MSchedExe.exe, windows10-2004-x64, score 1
Magnify.exe, windows10-2004-x64, score 3
MdRes.exe, windows10-2004-x64, score 1
MdSched.exe, windows10-2004-x64, score 1
MdmDiagnos...ol.exe, windows10-2004-x64, score 1
MicrosoftE...st.exe, windows10-2004-x64, score 1
MicrosoftEdgeCP.exe, windows10-2004-x64, score 1
MicrosoftE...ls.exe, windows10-2004-x64, score 1
MicrosoftEdgeSH.exe, windows10-2004-x64, score 6
MoNotifica...ub.exe, windows10-2004-x64, score 1
MpSigStub.exe, windows10-2004-x64, score 1
MsSpellChe...st.exe, windows10-2004-x64, score 1
MuiUnattend.exe, windows10-2004-x64, score 4
MultiDigiMon.exe, windows10-2004-x64, score 1
NDKPerfCmd.exe, windows10-2004-x64, score 1
NDKPing.exe, windows10-2004-x64, score 3
NETSTAT.exe, windows10-2004-x64, score 1
Narrator.exe, windows10-2004-x64
NetCfgNoti...st.exe, windows10-2004-x64, score 1
NetEvtFwdr.exe, windows10-2004-x64, score 1
NetHost.exe, windows10-2004-x64, score 1
Netplwiz.exe, windows10-2004-x64, score 1
NgcIso.exe, windows10-2004-x64, score 1
OOBE-Maintenance.exe, windows10-2004-x64, score 1
OneDriveSetup.exe, windows7-x64, score 1
OneDriveSetup.exe, windows10-2004-x64, score 8
OpenWith.exe, windows10-2004-x64, score 1
OptionalFeatures.exe, windows10-2004-x64, score 1
Resubmissions
23/08/2024, 16:00, 240823-tf47dsteqe, score 6
23/08/2024, 15:32, 240823-sy293sseld, score 4
23/08/2024, 15:18, 240823-sp1d5athqk, score 8
23/08/2024, 14:12, 240823-rjcv7sydnd, score 7
23/08/2024, 02:33, 240823-c17dta1cpd, score 7
23/08/2024, 02:11, 240823-cmbpzszelg, score 4
23/08/2024, 02:00, 240823-ce59mazbnh, score 4
23/08/2024, 01:37, 240823-b1992a1dmm, score 5
23/08/2024, 01:24, 240823-bsm5jazhpp, score 5
23/08/2024, 00:51, 240823-a7p21awhld, score 6
General
-
Target
Application Files - system32.zip
-
Size
200.3MB
-
Sample
240823-sp1d5athqk
-
MD5
9e13c0126b7f608956f951212b77efdb
-
SHA1
7c486a0f69ad4f21be45954df7bdc2f4ce9b0dad
-
SHA256
b9af69ac821a649f211c99e3edf32a76a213e9450b5e972a6cdda5758af530dd
-
SHA512
15b133823bf17179d3f806893480c77082d8a6442d885cfd5f1c77d8fdd476cafe63201fa030d60dbc812d9c9be8e8db71d83a714a4c40d8f59dbf28b9528ab5
-
SSDEEP
6291456:nENHZIGVuWulErUOn39qvc00IYv6EbEJY7CqQubcGX:qZRulE54vcbv6tluQGX
Static task
static1
Behavioral task
behavioral1
Sample
MDMAgent.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
MDMAppInstaller.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
MRINFO.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
MRT.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
MSchedExe.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral6
Sample
Magnify.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
MdRes.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral8
Sample
MdSched.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
MdmDiagnosticsTool.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral10
Sample
MicrosoftEdgeBCHost.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
MicrosoftEdgeCP.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral12
Sample
MicrosoftEdgeDevTools.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
MicrosoftEdgeSH.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral14
Sample
MoNotificationUxStub.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
MpSigStub.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral16
Sample
MsSpellCheckingHost.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
MuiUnattend.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral18
Sample
MultiDigiMon.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
NDKPerfCmd.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral20
Sample
NDKPing.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
NETSTAT.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral22
Sample
Narrator.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
NetCfgNotifyObjectHost.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral24
Sample
NetEvtFwdr.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
NetHost.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral26
Sample
Netplwiz.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
NgcIso.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral28
Sample
OOBE-Maintenance.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
OneDriveSetup.exe
Resource
win7-20240704-en
Behavioral task
behavioral30
Sample
OneDriveSetup.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
OpenWith.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral32
Sample
OptionalFeatures.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
MDMAgent.exe
-
Size
168KB
-
MD5
bafd47291621049479f587ccab3774eb
-
SHA1
996b32143f6a805a3de7429b2f6108c7e840da2f
-
SHA256
c0f1eebffd585e0b0b8539200d8b1624567cddf9d88e40aaa40f148c0f2ab3ce
-
SHA512
84aec2df050eeebb2efdb868646095b90a9f8d4479998af892272248c5d55bf056dc14c8e978ad51c07a2c81d310e8735bdc511412cdef90b79302a37a921f7e
-
SSDEEP
3072:haTuTmeuWH77UqNIWT1RcppQSs5isw2pHGniknZqwr2/inmgY:0uKeuWH777mWfcLZUispakim
Score
1/10
-
-
-
Target
MDMAppInstaller.exe
-
Size
188KB
-
MD5
a35a514d2cde1c52f15bf7d24987b090
-
SHA1
07cc4ea8d9b53c3112e9bd51fcba4caace3a6b3f
-
SHA256
ea8b096783ee9d05d137c9a9f138328879ef564c4f83aaf42778a4e2dc34c89b
-
SHA512
c3064f80824ac5bf23531758f4caca2d1fbdc74552d9d424cf653fb01219b431ba50441c345a89712a40137865559a7bdb843df0d780547de029ee0205eecf7b
-
SSDEEP
3072:iccJ2gl663MR/BddemAksS+lYu1UvbfrVaAegvIQUUcMw:W2gl663MpPjsS+lYu1UvbZaAjvBSM
Score
1/10
-
-
-
Target
MRINFO.EXE
-
Size
36KB
-
MD5
3f2eb6e362692c5397c7301540520cfe
-
SHA1
b2ffa14c6335e4110c1cea84b8e8e4a909a861ae
-
SHA256
e059fa6bf890b2f09efadbd08f733ad8e2d88705b425cf2d31a2ee26b44cfb19
-
SHA512
35710609cf5597e9a0bde201d1b4cfee7aa390c48bb567f4ecc78f29db2362783f36bd11d3ec2b0b140408a49f71c63ce65ed54265bdf269ac30a4b78c988e8f
-
SSDEEP
384:4BIOCyxZby29b0bYczGLVRSURPaVaLn4IWH8W:42WbIbVKfSVaLn4h
Score
1/10
-
-
-
Target
MRT.exe
-
Size
188.0MB
-
MD5
6c6a5d2f148d503a61ff2497a3df0893
-
SHA1
7e7c1cef7edb6639e6744126e23f78c22468c8c2
-
SHA256
27f74e49d7263156339c0b950fdbd6c98f633254229085814689ba348ea4d85a
-
SHA512
6802cab34458e7711b21ea28cf9c53e08bc59a35f53aecbd73a1dd67aac3401406551a48929cce14c55d5cd609cc358273806ffe9f931af9300a8076d383c07a
-
SSDEEP
3145728:ehWmMmF5xzBXBurZpPTuFJajqq+YnNPSENNK6oZBSLtwgfpe/p/i/E5x5/pE5x7e:ehWilB/IEvCBNs
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
MSchedExe.exe
-
Size
100KB
-
MD5
feb36688c957af591499f3d740a1dc01
-
SHA1
ae6ece8bbfa953cd77fb6ca655f8f6f40e3e6f2f
-
SHA256
e287fbed8c9b6c221aa2ba7ee7191be85e9db9e3b5e7978b8b13ba83c13650bd
-
SHA512
6073f63dce0c724a4bb48a82e8d3eb9e8f9587ab84c63e120fb69cb63a2d869a3691b5afbdcc3f17ad196b220bf6dc80322ba58d76c26660ddcaabbdec411aca
-
SSDEEP
1536:htREC/rMcgEPJV+G57ThjEC0kzJP+V5Jpy:hzECTMpuDhjRVJGjy
Score
1/10
-
-
-
Target
Magnify.exe
-
Size
732KB
-
MD5
a9dbf174798cd03adc0b7a1adf493c76
-
SHA1
23a5b59677a06a7c93dea8bf822ae1de355902b2
-
SHA256
8d9f9ea080229ab3e37a58fac74bf0cfae89d04c5735f5111bdb982489526acf
-
SHA512
9e73ed6f15f56dccee8eb59a13dcb6a3110b0f711166c3ee8efdff4a70ff15bd9ad4797ff105c1d9d055717d789b50695ce7326b4b435a4ab86f7bc3a1440bdd
-
SSDEEP
6144:WFNGPP4aSUG484rRGgN8jZpkknnfG4MHnmGg9WCyeuVx1uSx63gDWQmUasVCVSuM:WqPgaSUG4Fr7NmZnmVgICkduS03ce
Score
3/10
-
-
-
Target
MdRes.exe
-
Size
104KB
-
MD5
36fee1d570563b2e58c6f5988f84af32
-
SHA1
74f09fb27bea2830c77bbf52be4c0d43608522c3
-
SHA256
ee1aecc09c8f3d116a63d8f54f54bca0b992795f5ce37dae13c60964095c1116
-
SHA512
a43007c6578ee10ed4db4ada5a32e875af6c0bd46d8fce98990f3755a38b58843beb0d33fc00fe59973d947c5cdfef8399b1be4e4abb336dff099047d58a171f
-
SSDEEP
1536:+O2fCa6pCrm+65tFI720+VpmDOzc4JNWxwB1MjVJmRc:+O2fmCre/FO+VQDUcUNWs+jm6
Score
1/10
-
-
-
Target
MdSched.exe
-
Size
108KB
-
MD5
efdbaa148b41321c82c3b84134d5b5ba
-
SHA1
64d20c418118b18f17c6c95c14303bd08a803307
-
SHA256
473e783bb18a534d290d6205e3278d8c5e31bb97a926b040eb0b6763e992b892
-
SHA512
1b42971af40f1c963588ac33f943a412ca28a8185328ac5c424c340496a00a8d3d281b739a1e3adda433c43999401ebdecde57e614e83379fb3dc4192fcbe78f
-
SSDEEP
1536:yHpVl+HFx+aCM2m+65tFI720+VpmDOzc4JNWxwB1MjVJmRc:yvaCM2e/FO+VQDUcUNWs+jm6
Score
1/10
-
-
-
Target
MdmDiagnosticsTool.exe
-
Size
88KB
-
MD5
4c370c40d0af547a646025473505d61a
-
SHA1
81d357fbb574716a6fc305371daa5f998626f157
-
SHA256
0a709ed80041b53da12a27d753fc66ab3cc2e952b359247297dd1fad12e40697
-
SHA512
5a4a6838f07350c2b717bf9a801175e7f0360e731a02d4afadd532469d1ef376d50cc4d66b55eacaaafc0793bd324e8b405aad1900a30253282ec9e36124296f
-
SSDEEP
1536:sDNodPKE/JWC/UEtphX9QIP6ZjFyc+WtdlSPTQzMyF:sOA/QzbQI051+gdwPTQ4o
Score
1/10
-
-
-
Target
MicrosoftEdgeBCHost.exe
-
Size
120KB
-
MD5
6b3320cb604335e44968b2f39c9f2638
-
SHA1
2d7a097244a84b5330a1d20e62572f1ab7906db2
-
SHA256
7c6691a41d90d952f01503c4c49779a928a623625ba4962b92887a61913e25b5
-
SHA512
ff6d479a02b6f7ab5d1c8cb47b02ee933bc9e1271ca9ed103aff9d95fdb874db8ad33651deef460fab79fbf93704181e62735e40f3bb5ae2167d9953859bccde
-
SSDEEP
1536:ZYwHoSpDV7E4RsqQ+fvShXXoEDS+qUrA8ARno5ZZnP8Rg:loSph7E4RsHzeEmaAxoPRP8Rg
Score
1/10
-
-
-
Target
MicrosoftEdgeCP.exe
-
Size
120KB
-
MD5
6b3320cb604335e44968b2f39c9f2638
-
SHA1
2d7a097244a84b5330a1d20e62572f1ab7906db2
-
SHA256
7c6691a41d90d952f01503c4c49779a928a623625ba4962b92887a61913e25b5
-
SHA512
ff6d479a02b6f7ab5d1c8cb47b02ee933bc9e1271ca9ed103aff9d95fdb874db8ad33651deef460fab79fbf93704181e62735e40f3bb5ae2167d9953859bccde
-
SSDEEP
1536:ZYwHoSpDV7E4RsqQ+fvShXXoEDS+qUrA8ARno5ZZnP8Rg:loSph7E4RsHzeEmaAxoPRP8Rg
Score
1/10
-
-
-
Target
MicrosoftEdgeDevTools.exe
-
Size
120KB
-
MD5
6b3320cb604335e44968b2f39c9f2638
-
SHA1
2d7a097244a84b5330a1d20e62572f1ab7906db2
-
SHA256
7c6691a41d90d952f01503c4c49779a928a623625ba4962b92887a61913e25b5
-
SHA512
ff6d479a02b6f7ab5d1c8cb47b02ee933bc9e1271ca9ed103aff9d95fdb874db8ad33651deef460fab79fbf93704181e62735e40f3bb5ae2167d9953859bccde
-
SSDEEP
1536:ZYwHoSpDV7E4RsqQ+fvShXXoEDS+qUrA8ARno5ZZnP8Rg:loSph7E4RsHzeEmaAxoPRP8Rg
Score
1/10
-
-
-
Target
MicrosoftEdgeSH.exe
-
Size
80KB
-
MD5
12b855d3e414321e664f66eb54eec721
-
SHA1
e3df57c08d553e479c544a5a2560acd257dabcfb
-
SHA256
13b88693808c5cf01d03b5e4cc242f02685c7a1f9e6ccc31a6dce19b33824042
-
SHA512
7e261238eecc95672b3c519672c43b74acb7e0c80571aa0bf5873352067b776564c0ca0a0685fbb970be833d3d9c00f36e798b5086832d129550e112bd0d4b6c
-
SSDEEP
1536:UYRKRLwEvBpt6BtrSJsZCHRNQYNTB5XQ+wlHYb:7oRLFvIsaPYNTrXpwJYb
-
-
-
Target
MoNotificationUxStub.exe
-
Size
80KB
-
MD5
91c0d9ab60ed1dcb34832daccadf76cf
-
SHA1
d1cfe5eec797ee35c783492dc0d6388d14d9d74d
-
SHA256
ca8947104398c2e1c99357fc004a877cdd381d4887c937cac41defa9160c717b
-
SHA512
8c638189d5f60aa1bc478c9490f02bd4d1bae4066a9e0b1efc30f0dc7fb9118d8240aad26b4de41316fc2833fb69f8b06f1ec7539089aeee8ea10d8f8bf80d59
-
SSDEEP
1536:rQNpRWtUSOxQlVlE03QclV9N19NAc0nH3stj6cZ8:Qp7sBJIzH3Ojhm
Score
1/10
-
-
-
Target
MpSigStub.exe
-
Size
897KB
-
MD5
71cf589293424c4389202c7f1752fb2d
-
SHA1
6103d9f6bf95c772c8b7ee89aee370cdca4642f8
-
SHA256
071b0d3a08503a8b88aeeda1d20f371a563377028f6e252dc66cce60ab8f823e
-
SHA512
893ad57ffa14912ce51e33461f9786d6976ea6d57ef66cf74b6e1fcc97ce9aa5a49632d73c84bf575256234b6ac3df2451976846dafa2fe34668bea7295bdd17
-
SSDEEP
24576:TWH4TQVfeVKIMfjStr2boxmOiQUTd110TpZSn:TXTgeVKPjStr2boxm9d110Nk
Score
1/10
-
-
-
Target
MsSpellCheckingHost.exe
-
Size
96KB
-
MD5
22973418b6075eecbf2ec4045e5375b2
-
SHA1
fc89df8bf29ccc4155068d7df745be73dcecc1af
-
SHA256
1472b5fdba95019219260499e62e34dbe4822723d0c4422159b10930d8e9c858
-
SHA512
30e4bc6b54e652de270f1034bf0546799a754efc5b1d0cbd9307e432f162004279a081477ffb3341a5f646f81516d2426d7791177098e7608ac101e666090cb7
-
SSDEEP
1536:rVnkbasiUSSP+1DogApjpvOEpb32azUOPaMYx+twVZRK4U5InDW72Ap6ly:rNCal91DbAsEpbmT+EZRKrOnDW72Ap6l
Score
1/10
-
-
-
Target
MuiUnattend.exe
-
Size
112KB
-
MD5
b7b49d500208228a3e59235bfaaec255
-
SHA1
8848fc29ca973361304e6e6ae244aa4d11130d5a
-
SHA256
a15583a62ff9c7ab4029f426a0013da4dd1feed8278ce909e68cc104087d057e
-
SHA512
3022961fbc080a4c1e3bbbd7a4a65192664fc63d52be61f1b53e01fdf78693d69a3f92a07b52a4d063ee4aaac15e69e77861630d05f4648fa956514477ac9427
-
SSDEEP
1536:qqTARk/LQAVhnB7cevHaUuQzE5UYRf6JgvzSpjAbKNKhWaKAm:qFRk1bRaEzef5vmWiAC
Score
4/10
-
-
-
Target
MultiDigiMon.exe
-
Size
76KB
-
MD5
355484a267b4d4590561a2b75fed106f
-
SHA1
08d7dedd34c30e49ec417b5368e6fd37a7037836
-
SHA256
4b88ad4a9f7e8081738d33248ad0acd7e7fc64b21fb3f33e3a28dbd5e91ace62
-
SHA512
2cd06c97b7a9988daa73f092d78087c5c00f39b821f9157a14d98c517b0515be536a39f4a678e06b70eeaa9c95537d503207a573de04a4278bfbf887b8df5e5c
-
SSDEEP
768:6Ip765eBshHeJ3jD9s2b5Bf3j851H3b6xLrRI16mi8fQkOqdfdh22C+BH7sFpCKS:TIcmeVD35Bf3yJELr8QkFdfW2jbJKM
Score
1/10
-
-
-
Target
NDKPerfCmd.exe
-
Size
53KB
-
MD5
b858cdd77d2b855b5a4a080f8c8aba5c
-
SHA1
85f6db9a8ca32701287d98a3cdc7c0fe29598ed7
-
SHA256
41c8f4dfbcb6b11c2d20234ef5b31cb3d9839ccd969631c76f9f29402ba3df0f
-
SHA512
339a8b2c4cce3cc953d99df2932d513ae900f4063011a512c30fdd36267449a9a39f2778b006920e9469216d4bfe3998c22276a16ac31759adb65b5943c72514
-
SSDEEP
384:5hJHdCrywuZukokXii9iAjX3LZjigC5987EIVIWxWQfWYDBRJJY1Z0R9zbL:suukokjxjib9QEIVxh1PUZ49zH
Score
1/10
-
-
-
Target
NDKPing.exe
-
Size
49KB
-
MD5
a24731c00bd71e2222f090fc7ad5787a
-
SHA1
cde148117f42dcdd9c1aa6fd4e861abbf61a9866
-
SHA256
64d64c3c8503e54068d5cace551cd30bb4d5894e59b4082231f348754393403e
-
SHA512
b9b68e6ee7d329aebc659551e590f8dfe92000dfe86792600593cbf9ebf21b54be98cf8a47efcab877dbbb520f93b4918d421af50b66e40fc6aa9dfdf8c0c187
-
SSDEEP
384:U2fkfAq8KkXZB3d0i9iAK8HZeiKoelCbxIW82fLjWIWWxDBRJP+NcM6a1R9z/frj:Ul4JBTPeiI4baW82fjZ1PWn6K9z84
Score
3/10
-
-
-
Target
NETSTAT.EXE
-
Size
64KB
-
MD5
1118b7ad29748c374971e36c9a5fe1d8
-
SHA1
1ac3581352c055852569ca2b5f4db69fcaf17f02
-
SHA256
6d656d8da855cc4f7d5152d81769124c05bbbcc906408e53dc2cf19e90498c57
-
SHA512
a1baf619c4d4fe993140cf07c446b69db04dc5a877dd4bcc2e36d164520767558458995c14b165fec57076e2f45911aa049243e625fb1e72945e183e692a6ad0
-
SSDEEP
768:R61hRMG+F36Z0/tYUjgAJaoNjy+r5zmBU/xb9YuzGsJh7cdV57dOSA4f8:R6/R3O36Z0/tEyaoNjy+r5zmBMhwf8
Score
1/10
-
-
-
Target
Narrator.exe
-
Size
596KB
-
MD5
e394fa14eca0d2c0a098c35d543ff79f
-
SHA1
67a4f1353e17b49671d97d68e5df06558362600a
-
SHA256
4801e79129c89c39df996da3be23b0af3f4f9715f2d36ec75ac8fc6708ddc0bf
-
SHA512
90ee47013c9998a891569914e615c44852a4d25c532cefd73c09136fb30fec63c7351f3f437bc0fe6db5806ef74f02f042ab83174d140b617c6ddaf72d1673a5
-
SSDEEP
6144:TvPjItGMH6WIN9AejyGePQhLdvJS3lptAy+7vJj3bO3TJjaVL+Kzrr4x8:Tctvc7AeyPQZJgV/e7vlyjTKzrA8
Score
3/10
-
-
-
Target
NetCfgNotifyObjectHost.exe
-
Size
96KB
-
MD5
cf57ca3a3e0b35c39da669594a62085f
-
SHA1
5396cb7585c474d64a579c9cd789b31b95b4e341
-
SHA256
32ea8b4937de1ffb4c12b84725c86c17d8c30c794acc2d34805906b140e92e38
-
SHA512
188bd4a4ac5037d8c67e18dc958ffc929317ef1be1b518f19c84fd65f093bd2f5f7e19554ab5fa7e36a8a7948ed0abc69e5d293cc9b1f800686d74f0320d22e1
-
SSDEEP
1536:V8NBUlnCYtJCLGhXNi8ArWUS47M9h5Lr6X0hkJyAE4MY:VyOGGfWjxY9WOCyb4F
Score
1/10
-
-
-
Target
NetEvtFwdr.exe
-
Size
52KB
-
MD5
11b968dfc7bd01236375a5687c593a79
-
SHA1
c0a396d2edce038d92a93b72cf0f4a4afa2af223
-
SHA256
7fca1bfc349dcad174017969f51e75aa68f0be1998a6d97ec2a3142fa1409fab
-
SHA512
c33d30281050b08db68e9ad99ffde1e0331ae4e58457444039552eccb826be19175216f7752b5f778377bec2d8cdce94aa15055773e26b4fceefe61a92c2d2fd
-
SSDEEP
768:rv8itTnTqnZTxljtqDJpfRfj8F8mrOSUiYA5iAiZrk/IRy:HBaZTXtqDJpfyF8mrODiYTAiFk/IRy
Score
1/10
-
-
-
Target
NetHost.exe
-
Size
32KB
-
MD5
f922f6fa603eee3db5dfb1916de57699
-
SHA1
ddae237fbb273127c975ab4bf99b2583a25625c5
-
SHA256
4995247022a423d46cd28e5fa2ec92da287a1a130ef4ca44d668fedc9d9d00da
-
SHA512
83cea0ccc652b44df6ea8c6576d4123ad166bc78bf7289f96394742f3f3cacaa20cab15d5ab4cbb60c0d1b14e3cdb6e2a0ff67627c570c1e6a291de747abccf1
-
SSDEEP
192:S7D5cmzQNJlIYXqJxftZaafkfHwpWdkqW:aNnQT6Y8pKTfQpWdkqW
Score
1/10
-
-
-
Target
Netplwiz.exe
-
Size
64KB
-
MD5
c4995e0f246fb240980117067d279abf
-
SHA1
bdf17cc4125fcd3d5acd94f5fe7b2486913dfcd6
-
SHA256
8011f12e0e13336b432c3f3640894ed5ac1c18fa20ef214c3f6efdd61f268e89
-
SHA512
4dee8de1532cbce34c82d242d38bedcea014bd56f14606bdf9a22a6b20e5b5b112c8fe561ea20f07734e4469d198a3e016deb38fe5e2f05be6468e50a4b95b8f
-
SSDEEP
768:gA3tPkEiajYz462Vo/hnGkrWWEE9TuDUBUiysJqfUrh6WeENiJDBPrxZt48:gKkFr/hn/zEmUiycNeWSDBPrxZa8
Score
1/10
-
-
-
Target
NgcIso.exe
-
Size
546KB
-
MD5
1e831a5ef4fb38bba50fbd4962cb6f5d
-
SHA1
69f519e9d92fe45694dfa12825231bfed7434134
-
SHA256
c167091f4b985fd8eaf1194697e22d646dc0ca8e01fb68d0cf5bfbe6136c0ae9
-
SHA512
125eaae6f729b156c74f371c364f0bd15d870ab4aec48bb3187666c4347747ba15d59e4f2f1f6d905dcc0ed5e53f67b9a081e312abb695e733d9bf9201fa9660
-
SSDEEP
6144:8+N2iMBPcsYPjsNWUXlBs7ogaRdKTOFmfdTFcVilRggWAZaZt+pSpyRJXAG+rzE:81BPcFrLql2wKTucpNWAZaZt+tdqE
Score
1/10
-
-
-
Target
OOBE-Maintenance.exe
-
Size
122KB
-
MD5
ae73e963cbf32ea1192922427a54cfd3
-
SHA1
ce8ad573c527ab9b8af5ff359b8cb6bb17179b21
-
SHA256
ebf8d61e11ac5d72511ec6e7116ab5585632abea82834adce487478175206f8c
-
SHA512
a36f91c775b930dd0290a2e6e39215fa6c65f4b87695d204257aa364cef67ac8ff760de8796552a71ab52ce65fb077a80a34e1b1b466c82b9b912d1faa13b35f
-
SSDEEP
1536:6uYvqHC2n3GyNFhX/Ah1IK+dj+MxxIkL7omIcoKCE45nHQlgYNILPfzm:6STn3hHE1IK+F+MxGuVIctBKXa
Score
1/10
-
-
-
Target
OneDriveSetup.exe
-
Size
48.0MB
-
MD5
1382660b084b8791b400739542442783
-
SHA1
3ecbe73642812498f3e4fad5dc47f8a9573fd4fb
-
SHA256
48a181bb27dcdffbf2d467e6004a40677b68d2d07399dd87f5ee0a2b51e5837c
-
SHA512
8d49071449384678794a0188bad7b3cdfb2c90e11b36b5923b38362dbf21fb98188f5eafc5d5b41f6dfc8ed5d88335600a17c044af05f1afa8a989d86c7463f2
-
SSDEEP
786432:2QAM/bg9LA622CSAqL7Xis205pR40RKBVLiRIBqVbCj1/IwInTVk0:26D2NlbF5pHKQXbCJ/IA0
Score
8/10
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
-
-
Target
OpenWith.exe
-
Size
154KB
-
MD5
652c3127b5da80d10c0089f85414205f
-
SHA1
5e93aa48b2508ddb47e218c9903ada0c851b8ba1
-
SHA256
11087185d089bcf1a57be895af6e9ff736dbe7cf53392ca48dbc76fe05eb890b
-
SHA512
a4f9a61eacf14671a823d666a4edf5bb7428908857603a1e471af9422b171134d07783cac92b6e974c637fb14157cb4a0446b0d4c38d2fa3dbbe90be16e494ea
-
SSDEEP
3072:jC9fSZL0zImXE+CvNJyy7EMiztkPfnV2dUhRMrer+CE+GI5XM:cfG0ImXE+CvNJyOEhwfnIdUhaeLE+GKc
Score
1/10
-
-
-
Target
OptionalFeatures.exe
-
Size
132KB
-
MD5
622bc3e86c0ab39f0cce11072f808349
-
SHA1
dca438f37068180168a1fcd5b868bec282766182
-
SHA256
e6ec7d58e0ff6de0fc0e1e1f3f8c3fae84d7dd0817e3eaae0ab0d560172f4c53
-
SHA512
a08e2946a07009589fe55e1e81e49ee6c176a8c3693e90a79b59891598892842d3987a10287b8bf4982fbdd10305abc6542ef9a2cd76621c62e6f50ec4a0f331
-
SSDEEP
3072:3M9cG4bEaznWfH22ZsuX2xKwMPTnaSrIrvDZ:3ScGGznWjZnXeKwMLnaqY
Score
1/10
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Event Triggered Execution: 4
Accessibility Features: 1
Change Default File Association: 1
Component Object Model Hijacking: 1
Image File Execution Options Injection: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Event Triggered Execution: 4
Accessibility Features: 1
Change Default File Association: 1
Component Object Model Hijacking: 1
Image File Execution Options Injection: 1