Resubmissions

23/08/2024, 16:00

240823-tf47dsteqe 6

23/08/2024, 15:32

240823-sy293sseld 4

23/08/2024, 15:18

240823-sp1d5athqk 8

23/08/2024, 14:12

240823-rjcv7sydnd 7

23/08/2024, 02:33

240823-c17dta1cpd 7

23/08/2024, 02:11

240823-cmbpzszelg 4

23/08/2024, 02:00

240823-ce59mazbnh 4

23/08/2024, 01:37

240823-b1992a1dmm 5

23/08/2024, 01:24

240823-bsm5jazhpp 5

23/08/2024, 00:51

240823-a7p21awhld 6

General

  • Target

    Application Files - system32.zip

  • Size

    200.3MB

  • Sample

    240823-sp1d5athqk

  • MD5

    9e13c0126b7f608956f951212b77efdb

  • SHA1

    7c486a0f69ad4f21be45954df7bdc2f4ce9b0dad

  • SHA256

    b9af69ac821a649f211c99e3edf32a76a213e9450b5e972a6cdda5758af530dd

  • SHA512

    15b133823bf17179d3f806893480c77082d8a6442d885cfd5f1c77d8fdd476cafe63201fa030d60dbc812d9c9be8e8db71d83a714a4c40d8f59dbf28b9528ab5

  • SSDEEP

    6291456:nENHZIGVuWulErUOn39qvc00IYv6EbEJY7CqQubcGX:qZRulE54vcbv6tluQGX

Malware Config

Targets

    • Target

      MDMAgent.exe

    • Size

      168KB

    • MD5

      bafd47291621049479f587ccab3774eb

    • SHA1

      996b32143f6a805a3de7429b2f6108c7e840da2f

    • SHA256

      c0f1eebffd585e0b0b8539200d8b1624567cddf9d88e40aaa40f148c0f2ab3ce

    • SHA512

      84aec2df050eeebb2efdb868646095b90a9f8d4479998af892272248c5d55bf056dc14c8e978ad51c07a2c81d310e8735bdc511412cdef90b79302a37a921f7e

    • SSDEEP

      3072:haTuTmeuWH77UqNIWT1RcppQSs5isw2pHGniknZqwr2/inmgY:0uKeuWH777mWfcLZUispakim

    Score
    1/10
    • Target

      MDMAppInstaller.exe

    • Size

      188KB

    • MD5

      a35a514d2cde1c52f15bf7d24987b090

    • SHA1

      07cc4ea8d9b53c3112e9bd51fcba4caace3a6b3f

    • SHA256

      ea8b096783ee9d05d137c9a9f138328879ef564c4f83aaf42778a4e2dc34c89b

    • SHA512

      c3064f80824ac5bf23531758f4caca2d1fbdc74552d9d424cf653fb01219b431ba50441c345a89712a40137865559a7bdb843df0d780547de029ee0205eecf7b

    • SSDEEP

      3072:iccJ2gl663MR/BddemAksS+lYu1UvbfrVaAegvIQUUcMw:W2gl663MpPjsS+lYu1UvbZaAjvBSM

    Score
    1/10
    • Target

      MRINFO.EXE

    • Size

      36KB

    • MD5

      3f2eb6e362692c5397c7301540520cfe

    • SHA1

      b2ffa14c6335e4110c1cea84b8e8e4a909a861ae

    • SHA256

      e059fa6bf890b2f09efadbd08f733ad8e2d88705b425cf2d31a2ee26b44cfb19

    • SHA512

      35710609cf5597e9a0bde201d1b4cfee7aa390c48bb567f4ecc78f29db2362783f36bd11d3ec2b0b140408a49f71c63ce65ed54265bdf269ac30a4b78c988e8f

    • SSDEEP

      384:4BIOCyxZby29b0bYczGLVRSURPaVaLn4IWH8W:42WbIbVKfSVaLn4h

    Score
    1/10
    • Target

      MRT.exe

    • Size

      188.0MB

    • MD5

      6c6a5d2f148d503a61ff2497a3df0893

    • SHA1

      7e7c1cef7edb6639e6744126e23f78c22468c8c2

    • SHA256

      27f74e49d7263156339c0b950fdbd6c98f633254229085814689ba348ea4d85a

    • SHA512

      6802cab34458e7711b21ea28cf9c53e08bc59a35f53aecbd73a1dd67aac3401406551a48929cce14c55d5cd609cc358273806ffe9f931af9300a8076d383c07a

    • SSDEEP

      3145728:ehWmMmF5xzBXBurZpPTuFJajqq+YnNPSENNK6oZBSLtwgfpe/p/i/E5x5/pE5x7e:ehWilB/IEvCBNs

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      MSchedExe.exe

    • Size

      100KB

    • MD5

      feb36688c957af591499f3d740a1dc01

    • SHA1

      ae6ece8bbfa953cd77fb6ca655f8f6f40e3e6f2f

    • SHA256

      e287fbed8c9b6c221aa2ba7ee7191be85e9db9e3b5e7978b8b13ba83c13650bd

    • SHA512

      6073f63dce0c724a4bb48a82e8d3eb9e8f9587ab84c63e120fb69cb63a2d869a3691b5afbdcc3f17ad196b220bf6dc80322ba58d76c26660ddcaabbdec411aca

    • SSDEEP

      1536:htREC/rMcgEPJV+G57ThjEC0kzJP+V5Jpy:hzECTMpuDhjRVJGjy

    Score
    1/10
    • Target

      Magnify.exe

    • Size

      732KB

    • MD5

      a9dbf174798cd03adc0b7a1adf493c76

    • SHA1

      23a5b59677a06a7c93dea8bf822ae1de355902b2

    • SHA256

      8d9f9ea080229ab3e37a58fac74bf0cfae89d04c5735f5111bdb982489526acf

    • SHA512

      9e73ed6f15f56dccee8eb59a13dcb6a3110b0f711166c3ee8efdff4a70ff15bd9ad4797ff105c1d9d055717d789b50695ce7326b4b435a4ab86f7bc3a1440bdd

    • SSDEEP

      6144:WFNGPP4aSUG484rRGgN8jZpkknnfG4MHnmGg9WCyeuVx1uSx63gDWQmUasVCVSuM:WqPgaSUG4Fr7NmZnmVgICkduS03ce

    • Target

      MdRes.exe

    • Size

      104KB

    • MD5

      36fee1d570563b2e58c6f5988f84af32

    • SHA1

      74f09fb27bea2830c77bbf52be4c0d43608522c3

    • SHA256

      ee1aecc09c8f3d116a63d8f54f54bca0b992795f5ce37dae13c60964095c1116

    • SHA512

      a43007c6578ee10ed4db4ada5a32e875af6c0bd46d8fce98990f3755a38b58843beb0d33fc00fe59973d947c5cdfef8399b1be4e4abb336dff099047d58a171f

    • SSDEEP

      1536:+O2fCa6pCrm+65tFI720+VpmDOzc4JNWxwB1MjVJmRc:+O2fmCre/FO+VQDUcUNWs+jm6

    Score
    1/10
    • Target

      MdSched.exe

    • Size

      108KB

    • MD5

      efdbaa148b41321c82c3b84134d5b5ba

    • SHA1

      64d20c418118b18f17c6c95c14303bd08a803307

    • SHA256

      473e783bb18a534d290d6205e3278d8c5e31bb97a926b040eb0b6763e992b892

    • SHA512

      1b42971af40f1c963588ac33f943a412ca28a8185328ac5c424c340496a00a8d3d281b739a1e3adda433c43999401ebdecde57e614e83379fb3dc4192fcbe78f

    • SSDEEP

      1536:yHpVl+HFx+aCM2m+65tFI720+VpmDOzc4JNWxwB1MjVJmRc:yvaCM2e/FO+VQDUcUNWs+jm6

    Score
    1/10
    • Target

      MdmDiagnosticsTool.exe

    • Size

      88KB

    • MD5

      4c370c40d0af547a646025473505d61a

    • SHA1

      81d357fbb574716a6fc305371daa5f998626f157

    • SHA256

      0a709ed80041b53da12a27d753fc66ab3cc2e952b359247297dd1fad12e40697

    • SHA512

      5a4a6838f07350c2b717bf9a801175e7f0360e731a02d4afadd532469d1ef376d50cc4d66b55eacaaafc0793bd324e8b405aad1900a30253282ec9e36124296f

    • SSDEEP

      1536:sDNodPKE/JWC/UEtphX9QIP6ZjFyc+WtdlSPTQzMyF:sOA/QzbQI051+gdwPTQ4o

    Score
    1/10
    • Target

      MicrosoftEdgeBCHost.exe

    • Size

      120KB

    • MD5

      6b3320cb604335e44968b2f39c9f2638

    • SHA1

      2d7a097244a84b5330a1d20e62572f1ab7906db2

    • SHA256

      7c6691a41d90d952f01503c4c49779a928a623625ba4962b92887a61913e25b5

    • SHA512

      ff6d479a02b6f7ab5d1c8cb47b02ee933bc9e1271ca9ed103aff9d95fdb874db8ad33651deef460fab79fbf93704181e62735e40f3bb5ae2167d9953859bccde

    • SSDEEP

      1536:ZYwHoSpDV7E4RsqQ+fvShXXoEDS+qUrA8ARno5ZZnP8Rg:loSph7E4RsHzeEmaAxoPRP8Rg

    Score
    1/10
    • Target

      MicrosoftEdgeCP.exe

    • Size

      120KB

    • MD5

      6b3320cb604335e44968b2f39c9f2638

    • SHA1

      2d7a097244a84b5330a1d20e62572f1ab7906db2

    • SHA256

      7c6691a41d90d952f01503c4c49779a928a623625ba4962b92887a61913e25b5

    • SHA512

      ff6d479a02b6f7ab5d1c8cb47b02ee933bc9e1271ca9ed103aff9d95fdb874db8ad33651deef460fab79fbf93704181e62735e40f3bb5ae2167d9953859bccde

    • SSDEEP

      1536:ZYwHoSpDV7E4RsqQ+fvShXXoEDS+qUrA8ARno5ZZnP8Rg:loSph7E4RsHzeEmaAxoPRP8Rg

    Score
    1/10
    • Target

      MicrosoftEdgeDevTools.exe

    • Size

      120KB

    • MD5

      6b3320cb604335e44968b2f39c9f2638

    • SHA1

      2d7a097244a84b5330a1d20e62572f1ab7906db2

    • SHA256

      7c6691a41d90d952f01503c4c49779a928a623625ba4962b92887a61913e25b5

    • SHA512

      ff6d479a02b6f7ab5d1c8cb47b02ee933bc9e1271ca9ed103aff9d95fdb874db8ad33651deef460fab79fbf93704181e62735e40f3bb5ae2167d9953859bccde

    • SSDEEP

      1536:ZYwHoSpDV7E4RsqQ+fvShXXoEDS+qUrA8ARno5ZZnP8Rg:loSph7E4RsHzeEmaAxoPRP8Rg

    Score
    1/10
    • Target

      MicrosoftEdgeSH.exe

    • Size

      80KB

    • MD5

      12b855d3e414321e664f66eb54eec721

    • SHA1

      e3df57c08d553e479c544a5a2560acd257dabcfb

    • SHA256

      13b88693808c5cf01d03b5e4cc242f02685c7a1f9e6ccc31a6dce19b33824042

    • SHA512

      7e261238eecc95672b3c519672c43b74acb7e0c80571aa0bf5873352067b776564c0ca0a0685fbb970be833d3d9c00f36e798b5086832d129550e112bd0d4b6c

    • SSDEEP

      1536:UYRKRLwEvBpt6BtrSJsZCHRNQYNTB5XQ+wlHYb:7oRLFvIsaPYNTrXpwJYb

    Score
    6/10
    • Target

      MoNotificationUxStub.exe

    • Size

      80KB

    • MD5

      91c0d9ab60ed1dcb34832daccadf76cf

    • SHA1

      d1cfe5eec797ee35c783492dc0d6388d14d9d74d

    • SHA256

      ca8947104398c2e1c99357fc004a877cdd381d4887c937cac41defa9160c717b

    • SHA512

      8c638189d5f60aa1bc478c9490f02bd4d1bae4066a9e0b1efc30f0dc7fb9118d8240aad26b4de41316fc2833fb69f8b06f1ec7539089aeee8ea10d8f8bf80d59

    • SSDEEP

      1536:rQNpRWtUSOxQlVlE03QclV9N19NAc0nH3stj6cZ8:Qp7sBJIzH3Ojhm

    Score
    1/10
    • Target

      MpSigStub.exe

    • Size

      897KB

    • MD5

      71cf589293424c4389202c7f1752fb2d

    • SHA1

      6103d9f6bf95c772c8b7ee89aee370cdca4642f8

    • SHA256

      071b0d3a08503a8b88aeeda1d20f371a563377028f6e252dc66cce60ab8f823e

    • SHA512

      893ad57ffa14912ce51e33461f9786d6976ea6d57ef66cf74b6e1fcc97ce9aa5a49632d73c84bf575256234b6ac3df2451976846dafa2fe34668bea7295bdd17

    • SSDEEP

      24576:TWH4TQVfeVKIMfjStr2boxmOiQUTd110TpZSn:TXTgeVKPjStr2boxm9d110Nk

    Score
    1/10
    • Target

      MsSpellCheckingHost.exe

    • Size

      96KB

    • MD5

      22973418b6075eecbf2ec4045e5375b2

    • SHA1

      fc89df8bf29ccc4155068d7df745be73dcecc1af

    • SHA256

      1472b5fdba95019219260499e62e34dbe4822723d0c4422159b10930d8e9c858

    • SHA512

      30e4bc6b54e652de270f1034bf0546799a754efc5b1d0cbd9307e432f162004279a081477ffb3341a5f646f81516d2426d7791177098e7608ac101e666090cb7

    • SSDEEP

      1536:rVnkbasiUSSP+1DogApjpvOEpb32azUOPaMYx+twVZRK4U5InDW72Ap6ly:rNCal91DbAsEpbmT+EZRKrOnDW72Ap6l

    Score
    1/10
    • Target

      MuiUnattend.exe

    • Size

      112KB

    • MD5

      b7b49d500208228a3e59235bfaaec255

    • SHA1

      8848fc29ca973361304e6e6ae244aa4d11130d5a

    • SHA256

      a15583a62ff9c7ab4029f426a0013da4dd1feed8278ce909e68cc104087d057e

    • SHA512

      3022961fbc080a4c1e3bbbd7a4a65192664fc63d52be61f1b53e01fdf78693d69a3f92a07b52a4d063ee4aaac15e69e77861630d05f4648fa956514477ac9427

    • SSDEEP

      1536:qqTARk/LQAVhnB7cevHaUuQzE5UYRf6JgvzSpjAbKNKhWaKAm:qFRk1bRaEzef5vmWiAC

    Score
    4/10
    • Target

      MultiDigiMon.exe

    • Size

      76KB

    • MD5

      355484a267b4d4590561a2b75fed106f

    • SHA1

      08d7dedd34c30e49ec417b5368e6fd37a7037836

    • SHA256

      4b88ad4a9f7e8081738d33248ad0acd7e7fc64b21fb3f33e3a28dbd5e91ace62

    • SHA512

      2cd06c97b7a9988daa73f092d78087c5c00f39b821f9157a14d98c517b0515be536a39f4a678e06b70eeaa9c95537d503207a573de04a4278bfbf887b8df5e5c

    • SSDEEP

      768:6Ip765eBshHeJ3jD9s2b5Bf3j851H3b6xLrRI16mi8fQkOqdfdh22C+BH7sFpCKS:TIcmeVD35Bf3yJELr8QkFdfW2jbJKM

    Score
    1/10
    • Target

      NDKPerfCmd.exe

    • Size

      53KB

    • MD5

      b858cdd77d2b855b5a4a080f8c8aba5c

    • SHA1

      85f6db9a8ca32701287d98a3cdc7c0fe29598ed7

    • SHA256

      41c8f4dfbcb6b11c2d20234ef5b31cb3d9839ccd969631c76f9f29402ba3df0f

    • SHA512

      339a8b2c4cce3cc953d99df2932d513ae900f4063011a512c30fdd36267449a9a39f2778b006920e9469216d4bfe3998c22276a16ac31759adb65b5943c72514

    • SSDEEP

      384:5hJHdCrywuZukokXii9iAjX3LZjigC5987EIVIWxWQfWYDBRJJY1Z0R9zbL:suukokjxjib9QEIVxh1PUZ49zH

    Score
    1/10
    • Target

      NDKPing.exe

    • Size

      49KB

    • MD5

      a24731c00bd71e2222f090fc7ad5787a

    • SHA1

      cde148117f42dcdd9c1aa6fd4e861abbf61a9866

    • SHA256

      64d64c3c8503e54068d5cace551cd30bb4d5894e59b4082231f348754393403e

    • SHA512

      b9b68e6ee7d329aebc659551e590f8dfe92000dfe86792600593cbf9ebf21b54be98cf8a47efcab877dbbb520f93b4918d421af50b66e40fc6aa9dfdf8c0c187

    • SSDEEP

      384:U2fkfAq8KkXZB3d0i9iAK8HZeiKoelCbxIW82fLjWIWWxDBRJP+NcM6a1R9z/frj:Ul4JBTPeiI4baW82fjZ1PWn6K9z84

    Score
    3/10
    • Target

      NETSTAT.EXE

    • Size

      64KB

    • MD5

      1118b7ad29748c374971e36c9a5fe1d8

    • SHA1

      1ac3581352c055852569ca2b5f4db69fcaf17f02

    • SHA256

      6d656d8da855cc4f7d5152d81769124c05bbbcc906408e53dc2cf19e90498c57

    • SHA512

      a1baf619c4d4fe993140cf07c446b69db04dc5a877dd4bcc2e36d164520767558458995c14b165fec57076e2f45911aa049243e625fb1e72945e183e692a6ad0

    • SSDEEP

      768:R61hRMG+F36Z0/tYUjgAJaoNjy+r5zmBU/xb9YuzGsJh7cdV57dOSA4f8:R6/R3O36Z0/tEyaoNjy+r5zmBMhwf8

    Score
    1/10
    • Target

      Narrator.exe

    • Size

      596KB

    • MD5

      e394fa14eca0d2c0a098c35d543ff79f

    • SHA1

      67a4f1353e17b49671d97d68e5df06558362600a

    • SHA256

      4801e79129c89c39df996da3be23b0af3f4f9715f2d36ec75ac8fc6708ddc0bf

    • SHA512

      90ee47013c9998a891569914e615c44852a4d25c532cefd73c09136fb30fec63c7351f3f437bc0fe6db5806ef74f02f042ab83174d140b617c6ddaf72d1673a5

    • SSDEEP

      6144:TvPjItGMH6WIN9AejyGePQhLdvJS3lptAy+7vJj3bO3TJjaVL+Kzrr4x8:Tctvc7AeyPQZJgV/e7vlyjTKzrA8

    • Target

      NetCfgNotifyObjectHost.exe

    • Size

      96KB

    • MD5

      cf57ca3a3e0b35c39da669594a62085f

    • SHA1

      5396cb7585c474d64a579c9cd789b31b95b4e341

    • SHA256

      32ea8b4937de1ffb4c12b84725c86c17d8c30c794acc2d34805906b140e92e38

    • SHA512

      188bd4a4ac5037d8c67e18dc958ffc929317ef1be1b518f19c84fd65f093bd2f5f7e19554ab5fa7e36a8a7948ed0abc69e5d293cc9b1f800686d74f0320d22e1

    • SSDEEP

      1536:V8NBUlnCYtJCLGhXNi8ArWUS47M9h5Lr6X0hkJyAE4MY:VyOGGfWjxY9WOCyb4F

    Score
    1/10
    • Target

      NetEvtFwdr.exe

    • Size

      52KB

    • MD5

      11b968dfc7bd01236375a5687c593a79

    • SHA1

      c0a396d2edce038d92a93b72cf0f4a4afa2af223

    • SHA256

      7fca1bfc349dcad174017969f51e75aa68f0be1998a6d97ec2a3142fa1409fab

    • SHA512

      c33d30281050b08db68e9ad99ffde1e0331ae4e58457444039552eccb826be19175216f7752b5f778377bec2d8cdce94aa15055773e26b4fceefe61a92c2d2fd

    • SSDEEP

      768:rv8itTnTqnZTxljtqDJpfRfj8F8mrOSUiYA5iAiZrk/IRy:HBaZTXtqDJpfyF8mrODiYTAiFk/IRy

    Score
    1/10
    • Target

      NetHost.exe

    • Size

      32KB

    • MD5

      f922f6fa603eee3db5dfb1916de57699

    • SHA1

      ddae237fbb273127c975ab4bf99b2583a25625c5

    • SHA256

      4995247022a423d46cd28e5fa2ec92da287a1a130ef4ca44d668fedc9d9d00da

    • SHA512

      83cea0ccc652b44df6ea8c6576d4123ad166bc78bf7289f96394742f3f3cacaa20cab15d5ab4cbb60c0d1b14e3cdb6e2a0ff67627c570c1e6a291de747abccf1

    • SSDEEP

      192:S7D5cmzQNJlIYXqJxftZaafkfHwpWdkqW:aNnQT6Y8pKTfQpWdkqW

    Score
    1/10
    • Target

      Netplwiz.exe

    • Size

      64KB

    • MD5

      c4995e0f246fb240980117067d279abf

    • SHA1

      bdf17cc4125fcd3d5acd94f5fe7b2486913dfcd6

    • SHA256

      8011f12e0e13336b432c3f3640894ed5ac1c18fa20ef214c3f6efdd61f268e89

    • SHA512

      4dee8de1532cbce34c82d242d38bedcea014bd56f14606bdf9a22a6b20e5b5b112c8fe561ea20f07734e4469d198a3e016deb38fe5e2f05be6468e50a4b95b8f

    • SSDEEP

      768:gA3tPkEiajYz462Vo/hnGkrWWEE9TuDUBUiysJqfUrh6WeENiJDBPrxZt48:gKkFr/hn/zEmUiycNeWSDBPrxZa8

    Score
    1/10
    • Target

      NgcIso.exe

    • Size

      546KB

    • MD5

      1e831a5ef4fb38bba50fbd4962cb6f5d

    • SHA1

      69f519e9d92fe45694dfa12825231bfed7434134

    • SHA256

      c167091f4b985fd8eaf1194697e22d646dc0ca8e01fb68d0cf5bfbe6136c0ae9

    • SHA512

      125eaae6f729b156c74f371c364f0bd15d870ab4aec48bb3187666c4347747ba15d59e4f2f1f6d905dcc0ed5e53f67b9a081e312abb695e733d9bf9201fa9660

    • SSDEEP

      6144:8+N2iMBPcsYPjsNWUXlBs7ogaRdKTOFmfdTFcVilRggWAZaZt+pSpyRJXAG+rzE:81BPcFrLql2wKTucpNWAZaZt+tdqE

    Score
    1/10
    • Target

      OOBE-Maintenance.exe

    • Size

      122KB

    • MD5

      ae73e963cbf32ea1192922427a54cfd3

    • SHA1

      ce8ad573c527ab9b8af5ff359b8cb6bb17179b21

    • SHA256

      ebf8d61e11ac5d72511ec6e7116ab5585632abea82834adce487478175206f8c

    • SHA512

      a36f91c775b930dd0290a2e6e39215fa6c65f4b87695d204257aa364cef67ac8ff760de8796552a71ab52ce65fb077a80a34e1b1b466c82b9b912d1faa13b35f

    • SSDEEP

      1536:6uYvqHC2n3GyNFhX/Ah1IK+dj+MxxIkL7omIcoKCE45nHQlgYNILPfzm:6STn3hHE1IK+F+MxGuVIctBKXa

    Score
    1/10
    • Target

      OneDriveSetup.exe

    • Size

      48.0MB

    • MD5

      1382660b084b8791b400739542442783

    • SHA1

      3ecbe73642812498f3e4fad5dc47f8a9573fd4fb

    • SHA256

      48a181bb27dcdffbf2d467e6004a40677b68d2d07399dd87f5ee0a2b51e5837c

    • SHA512

      8d49071449384678794a0188bad7b3cdfb2c90e11b36b5923b38362dbf21fb98188f5eafc5d5b41f6dfc8ed5d88335600a17c044af05f1afa8a989d86c7463f2

    • SSDEEP

      786432:2QAM/bg9LA622CSAqL7Xis205pR40RKBVLiRIBqVbCj1/IwInTVk0:26D2NlbF5pHKQXbCJ/IA0

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Target

      OpenWith.exe

    • Size

      154KB

    • MD5

      652c3127b5da80d10c0089f85414205f

    • SHA1

      5e93aa48b2508ddb47e218c9903ada0c851b8ba1

    • SHA256

      11087185d089bcf1a57be895af6e9ff736dbe7cf53392ca48dbc76fe05eb890b

    • SHA512

      a4f9a61eacf14671a823d666a4edf5bb7428908857603a1e471af9422b171134d07783cac92b6e974c637fb14157cb4a0446b0d4c38d2fa3dbbe90be16e494ea

    • SSDEEP

      3072:jC9fSZL0zImXE+CvNJyy7EMiztkPfnV2dUhRMrer+CE+GI5XM:cfG0ImXE+CvNJyOEhwfnIdUhaeLE+GKc

    Score
    1/10
    • Target

      OptionalFeatures.exe

    • Size

      132KB

    • MD5

      622bc3e86c0ab39f0cce11072f808349

    • SHA1

      dca438f37068180168a1fcd5b868bec282766182

    • SHA256

      e6ec7d58e0ff6de0fc0e1e1f3f8c3fae84d7dd0817e3eaae0ab0d560172f4c53

    • SHA512

      a08e2946a07009589fe55e1e81e49ee6c176a8c3693e90a79b59891598892842d3987a10287b8bf4982fbdd10305abc6542ef9a2cd76621c62e6f50ec4a0f331

    • SSDEEP

      3072:3M9cG4bEaznWfH22ZsuX2xKwMPTnaSrIrvDZ:3ScGGznWjZnXeKwMLnaqY

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

discovery, persistence, privilege_escalation, spyware, stealer
Score
7/10

behavioral5

Score
1/10

behavioral6

persistence, privilege_escalation
Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

evasion, trojan
Score
6/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
4/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

discovery
Score
3/10

behavioral21

Score
1/10

behavioral22

persistence, privilege_escalation
Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

discovery, persistence, privilege_escalation
Score
8/10

behavioral31

Score
1/10

behavioral32

Score
1/10