b9af69ac821a649f211c99e3edf32a76a213e9450b5e972a6cdda5758af530dd

Target

Application Files - system32.zip
Size

200.3MB
Sample

240823-sp1d5athqk
MD5

9e13c0126b7f608956f951212b77efdb
SHA1

7c486a0f69ad4f21be45954df7bdc2f4ce9b0dad
SHA256

b9af69ac821a649f211c99e3edf32a76a213e9450b5e972a6cdda5758af530dd
SHA512

15b133823bf17179d3f806893480c77082d8a6442d885cfd5f1c77d8fdd476cafe63201fa030d60dbc812d9c9be8e8db71d83a714a4c40d8f59dbf28b9528ab5
SSDEEP

6291456:nENHZIGVuWulErUOn39qvc00IYv6EbEJY7CqQubcGX:qZRulE54vcbv6tluQGX

Score

8^/10

Malware Config

Targets

- Target
  
  MDMAgent.exe
- Size
  
  168KB
- MD5
  
  bafd47291621049479f587ccab3774eb
- SHA1
  
  996b32143f6a805a3de7429b2f6108c7e840da2f
- SHA256
  
  c0f1eebffd585e0b0b8539200d8b1624567cddf9d88e40aaa40f148c0f2ab3ce
- SHA512
  
  84aec2df050eeebb2efdb868646095b90a9f8d4479998af892272248c5d55bf056dc14c8e978ad51c07a2c81d310e8735bdc511412cdef90b79302a37a921f7e
- SSDEEP
  
  3072:haTuTmeuWH77UqNIWT1RcppQSs5isw2pHGniknZqwr2/inmgY:0uKeuWH777mWfcLZUispakim
Score

1^/10
behavioral1
- Target
  
  MDMAppInstaller.exe
- Size
  
  188KB
- MD5
  
  a35a514d2cde1c52f15bf7d24987b090
- SHA1
  
  07cc4ea8d9b53c3112e9bd51fcba4caace3a6b3f
- SHA256
  
  ea8b096783ee9d05d137c9a9f138328879ef564c4f83aaf42778a4e2dc34c89b
- SHA512
  
  c3064f80824ac5bf23531758f4caca2d1fbdc74552d9d424cf653fb01219b431ba50441c345a89712a40137865559a7bdb843df0d780547de029ee0205eecf7b
- SSDEEP
  
  3072:iccJ2gl663MR/BddemAksS+lYu1UvbfrVaAegvIQUUcMw:W2gl663MpPjsS+lYu1UvbZaAjvBSM
Score

1^/10
behavioral2
- Target
  
  MRINFO.EXE
- Size
  
  36KB
- MD5
  
  3f2eb6e362692c5397c7301540520cfe
- SHA1
  
  b2ffa14c6335e4110c1cea84b8e8e4a909a861ae
- SHA256
  
  e059fa6bf890b2f09efadbd08f733ad8e2d88705b425cf2d31a2ee26b44cfb19
- SHA512
  
  35710609cf5597e9a0bde201d1b4cfee7aa390c48bb567f4ecc78f29db2362783f36bd11d3ec2b0b140408a49f71c63ce65ed54265bdf269ac30a4b78c988e8f
- SSDEEP
  
  384:4BIOCyxZby29b0bYczGLVRSURPaVaLn4IWH8W:42WbIbVKfSVaLn4h
Score

1^/10
behavioral3
- Target
  
  MRT.exe
- Size
  
  188.0MB
- MD5
  
  6c6a5d2f148d503a61ff2497a3df0893
- SHA1
  
  7e7c1cef7edb6639e6744126e23f78c22468c8c2
- SHA256
  
  27f74e49d7263156339c0b950fdbd6c98f633254229085814689ba348ea4d85a
- SHA512
  
  6802cab34458e7711b21ea28cf9c53e08bc59a35f53aecbd73a1dd67aac3401406551a48929cce14c55d5cd609cc358273806ffe9f931af9300a8076d383c07a
- SSDEEP
  
  3145728:ehWmMmF5xzBXBurZpPTuFJajqq+YnNPSENNK6oZBSLtwgfpe/p/i/E5x5/pE5x7e:ehWilB/IEvCBNs
Score

7^/10

discovery persistence privilege_escalation spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral4
- Target
  
  MSchedExe.exe
- Size
  
  100KB
- MD5
  
  feb36688c957af591499f3d740a1dc01
- SHA1
  
  ae6ece8bbfa953cd77fb6ca655f8f6f40e3e6f2f
- SHA256
  
  e287fbed8c9b6c221aa2ba7ee7191be85e9db9e3b5e7978b8b13ba83c13650bd
- SHA512
  
  6073f63dce0c724a4bb48a82e8d3eb9e8f9587ab84c63e120fb69cb63a2d869a3691b5afbdcc3f17ad196b220bf6dc80322ba58d76c26660ddcaabbdec411aca
- SSDEEP
  
  1536:htREC/rMcgEPJV+G57ThjEC0kzJP+V5Jpy:hzECTMpuDhjRVJGjy
Score

1^/10
behavioral5
- Target
  
  Magnify.exe
- Size
  
  732KB
- MD5
  
  a9dbf174798cd03adc0b7a1adf493c76
- SHA1
  
  23a5b59677a06a7c93dea8bf822ae1de355902b2
- SHA256
  
  8d9f9ea080229ab3e37a58fac74bf0cfae89d04c5735f5111bdb982489526acf
- SHA512
  
  9e73ed6f15f56dccee8eb59a13dcb6a3110b0f711166c3ee8efdff4a70ff15bd9ad4797ff105c1d9d055717d789b50695ce7326b4b435a4ab86f7bc3a1440bdd
- SSDEEP
  
  6144:WFNGPP4aSUG484rRGgN8jZpkknnfG4MHnmGg9WCyeuVx1uSx63gDWQmUasVCVSuM:WqPgaSUG4Fr7NmZnmVgICkduS03ce
Score

3^/10

persistence privilege_escalation
behavioral6
- Target
  
  MdRes.exe
- Size
  
  104KB
- MD5
  
  36fee1d570563b2e58c6f5988f84af32
- SHA1
  
  74f09fb27bea2830c77bbf52be4c0d43608522c3
- SHA256
  
  ee1aecc09c8f3d116a63d8f54f54bca0b992795f5ce37dae13c60964095c1116
- SHA512
  
  a43007c6578ee10ed4db4ada5a32e875af6c0bd46d8fce98990f3755a38b58843beb0d33fc00fe59973d947c5cdfef8399b1be4e4abb336dff099047d58a171f
- SSDEEP
  
  1536:+O2fCa6pCrm+65tFI720+VpmDOzc4JNWxwB1MjVJmRc:+O2fmCre/FO+VQDUcUNWs+jm6
Score

1^/10
behavioral7
- Target
  
  MdSched.exe
- Size
  
  108KB
- MD5
  
  efdbaa148b41321c82c3b84134d5b5ba
- SHA1
  
  64d20c418118b18f17c6c95c14303bd08a803307
- SHA256
  
  473e783bb18a534d290d6205e3278d8c5e31bb97a926b040eb0b6763e992b892
- SHA512
  
  1b42971af40f1c963588ac33f943a412ca28a8185328ac5c424c340496a00a8d3d281b739a1e3adda433c43999401ebdecde57e614e83379fb3dc4192fcbe78f
- SSDEEP
  
  1536:yHpVl+HFx+aCM2m+65tFI720+VpmDOzc4JNWxwB1MjVJmRc:yvaCM2e/FO+VQDUcUNWs+jm6
Score

1^/10
behavioral8
- Target
  
  MdmDiagnosticsTool.exe
- Size
  
  88KB
- MD5
  
  4c370c40d0af547a646025473505d61a
- SHA1
  
  81d357fbb574716a6fc305371daa5f998626f157
- SHA256
  
  0a709ed80041b53da12a27d753fc66ab3cc2e952b359247297dd1fad12e40697
- SHA512
  
  5a4a6838f07350c2b717bf9a801175e7f0360e731a02d4afadd532469d1ef376d50cc4d66b55eacaaafc0793bd324e8b405aad1900a30253282ec9e36124296f
- SSDEEP
  
  1536:sDNodPKE/JWC/UEtphX9QIP6ZjFyc+WtdlSPTQzMyF:sOA/QzbQI051+gdwPTQ4o
Score

1^/10
behavioral9
- Target
  
  MicrosoftEdgeBCHost.exe
- Size
  
  120KB
- MD5
  
  6b3320cb604335e44968b2f39c9f2638
- SHA1
  
  2d7a097244a84b5330a1d20e62572f1ab7906db2
- SHA256
  
  7c6691a41d90d952f01503c4c49779a928a623625ba4962b92887a61913e25b5
- SHA512
  
  ff6d479a02b6f7ab5d1c8cb47b02ee933bc9e1271ca9ed103aff9d95fdb874db8ad33651deef460fab79fbf93704181e62735e40f3bb5ae2167d9953859bccde
- SSDEEP
  
  1536:ZYwHoSpDV7E4RsqQ+fvShXXoEDS+qUrA8ARno5ZZnP8Rg:loSph7E4RsHzeEmaAxoPRP8Rg
Score

1^/10
behavioral10
- Target
  
  MicrosoftEdgeCP.exe
- Size
  
  120KB
- MD5
  
  6b3320cb604335e44968b2f39c9f2638
- SHA1
  
  2d7a097244a84b5330a1d20e62572f1ab7906db2
- SHA256
  
  7c6691a41d90d952f01503c4c49779a928a623625ba4962b92887a61913e25b5
- SHA512
  
  ff6d479a02b6f7ab5d1c8cb47b02ee933bc9e1271ca9ed103aff9d95fdb874db8ad33651deef460fab79fbf93704181e62735e40f3bb5ae2167d9953859bccde
- SSDEEP
  
  1536:ZYwHoSpDV7E4RsqQ+fvShXXoEDS+qUrA8ARno5ZZnP8Rg:loSph7E4RsHzeEmaAxoPRP8Rg
Score

1^/10
behavioral11
- Target
  
  MicrosoftEdgeDevTools.exe
- Size
  
  120KB
- MD5
  
  6b3320cb604335e44968b2f39c9f2638
- SHA1
  
  2d7a097244a84b5330a1d20e62572f1ab7906db2
- SHA256
  
  7c6691a41d90d952f01503c4c49779a928a623625ba4962b92887a61913e25b5
- SHA512
  
  ff6d479a02b6f7ab5d1c8cb47b02ee933bc9e1271ca9ed103aff9d95fdb874db8ad33651deef460fab79fbf93704181e62735e40f3bb5ae2167d9953859bccde
- SSDEEP
  
  1536:ZYwHoSpDV7E4RsqQ+fvShXXoEDS+qUrA8ARno5ZZnP8Rg:loSph7E4RsHzeEmaAxoPRP8Rg
Score

1^/10
behavioral12
- Target
  
  MicrosoftEdgeSH.exe
- Size
  
  80KB
- MD5
  
  12b855d3e414321e664f66eb54eec721
- SHA1
  
  e3df57c08d553e479c544a5a2560acd257dabcfb
- SHA256
  
  13b88693808c5cf01d03b5e4cc242f02685c7a1f9e6ccc31a6dce19b33824042
- SHA512
  
  7e261238eecc95672b3c519672c43b74acb7e0c80571aa0bf5873352067b776564c0ca0a0685fbb970be833d3d9c00f36e798b5086832d129550e112bd0d4b6c
- SSDEEP
  
  1536:UYRKRLwEvBpt6BtrSJsZCHRNQYNTB5XQ+wlHYb:7oRLFvIsaPYNTrXpwJYb
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral13
- Target
  
  MoNotificationUxStub.exe
- Size
  
  80KB
- MD5
  
  91c0d9ab60ed1dcb34832daccadf76cf
- SHA1
  
  d1cfe5eec797ee35c783492dc0d6388d14d9d74d
- SHA256
  
  ca8947104398c2e1c99357fc004a877cdd381d4887c937cac41defa9160c717b
- SHA512
  
  8c638189d5f60aa1bc478c9490f02bd4d1bae4066a9e0b1efc30f0dc7fb9118d8240aad26b4de41316fc2833fb69f8b06f1ec7539089aeee8ea10d8f8bf80d59
- SSDEEP
  
  1536:rQNpRWtUSOxQlVlE03QclV9N19NAc0nH3stj6cZ8:Qp7sBJIzH3Ojhm
Score

1^/10
behavioral14
- Target
  
  MpSigStub.exe
- Size
  
  897KB
- MD5
  
  71cf589293424c4389202c7f1752fb2d
- SHA1
  
  6103d9f6bf95c772c8b7ee89aee370cdca4642f8
- SHA256
  
  071b0d3a08503a8b88aeeda1d20f371a563377028f6e252dc66cce60ab8f823e
- SHA512
  
  893ad57ffa14912ce51e33461f9786d6976ea6d57ef66cf74b6e1fcc97ce9aa5a49632d73c84bf575256234b6ac3df2451976846dafa2fe34668bea7295bdd17
- SSDEEP
  
  24576:TWH4TQVfeVKIMfjStr2boxmOiQUTd110TpZSn:TXTgeVKPjStr2boxm9d110Nk
Score

1^/10
behavioral15
- Target
  
  MsSpellCheckingHost.exe
- Size
  
  96KB
- MD5
  
  22973418b6075eecbf2ec4045e5375b2
- SHA1
  
  fc89df8bf29ccc4155068d7df745be73dcecc1af
- SHA256
  
  1472b5fdba95019219260499e62e34dbe4822723d0c4422159b10930d8e9c858
- SHA512
  
  30e4bc6b54e652de270f1034bf0546799a754efc5b1d0cbd9307e432f162004279a081477ffb3341a5f646f81516d2426d7791177098e7608ac101e666090cb7
- SSDEEP
  
  1536:rVnkbasiUSSP+1DogApjpvOEpb32azUOPaMYx+twVZRK4U5InDW72Ap6ly:rNCal91DbAsEpbmT+EZRKrOnDW72Ap6l
Score

1^/10
behavioral16
- Target
  
  MuiUnattend.exe
- Size
  
  112KB
- MD5
  
  b7b49d500208228a3e59235bfaaec255
- SHA1
  
  8848fc29ca973361304e6e6ae244aa4d11130d5a
- SHA256
  
  a15583a62ff9c7ab4029f426a0013da4dd1feed8278ce909e68cc104087d057e
- SHA512
  
  3022961fbc080a4c1e3bbbd7a4a65192664fc63d52be61f1b53e01fdf78693d69a3f92a07b52a4d063ee4aaac15e69e77861630d05f4648fa956514477ac9427
- SSDEEP
  
  1536:qqTARk/LQAVhnB7cevHaUuQzE5UYRf6JgvzSpjAbKNKhWaKAm:qFRk1bRaEzef5vmWiAC
Score

4^/10
behavioral17
- Target
  
  MultiDigiMon.exe
- Size
  
  76KB
- MD5
  
  355484a267b4d4590561a2b75fed106f
- SHA1
  
  08d7dedd34c30e49ec417b5368e6fd37a7037836
- SHA256
  
  4b88ad4a9f7e8081738d33248ad0acd7e7fc64b21fb3f33e3a28dbd5e91ace62
- SHA512
  
  2cd06c97b7a9988daa73f092d78087c5c00f39b821f9157a14d98c517b0515be536a39f4a678e06b70eeaa9c95537d503207a573de04a4278bfbf887b8df5e5c
- SSDEEP
  
  768:6Ip765eBshHeJ3jD9s2b5Bf3j851H3b6xLrRI16mi8fQkOqdfdh22C+BH7sFpCKS:TIcmeVD35Bf3yJELr8QkFdfW2jbJKM
Score

1^/10
behavioral18
- Target
  
  NDKPerfCmd.exe
- Size
  
  53KB
- MD5
  
  b858cdd77d2b855b5a4a080f8c8aba5c
- SHA1
  
  85f6db9a8ca32701287d98a3cdc7c0fe29598ed7
- SHA256
  
  41c8f4dfbcb6b11c2d20234ef5b31cb3d9839ccd969631c76f9f29402ba3df0f
- SHA512
  
  339a8b2c4cce3cc953d99df2932d513ae900f4063011a512c30fdd36267449a9a39f2778b006920e9469216d4bfe3998c22276a16ac31759adb65b5943c72514
- SSDEEP
  
  384:5hJHdCrywuZukokXii9iAjX3LZjigC5987EIVIWxWQfWYDBRJJY1Z0R9zbL:suukokjxjib9QEIVxh1PUZ49zH
Score

1^/10
behavioral19
- Target
  
  NDKPing.exe
- Size
  
  49KB
- MD5
  
  a24731c00bd71e2222f090fc7ad5787a
- SHA1
  
  cde148117f42dcdd9c1aa6fd4e861abbf61a9866
- SHA256
  
  64d64c3c8503e54068d5cace551cd30bb4d5894e59b4082231f348754393403e
- SHA512
  
  b9b68e6ee7d329aebc659551e590f8dfe92000dfe86792600593cbf9ebf21b54be98cf8a47efcab877dbbb520f93b4918d421af50b66e40fc6aa9dfdf8c0c187
- SSDEEP
  
  384:U2fkfAq8KkXZB3d0i9iAK8HZeiKoelCbxIW82fLjWIWWxDBRJP+NcM6a1R9z/frj:Ul4JBTPeiI4baW82fjZ1PWn6K9z84
Score

3^/10

discovery
behavioral20
- Target
  
  NETSTAT.EXE
- Size
  
  64KB
- MD5
  
  1118b7ad29748c374971e36c9a5fe1d8
- SHA1
  
  1ac3581352c055852569ca2b5f4db69fcaf17f02
- SHA256
  
  6d656d8da855cc4f7d5152d81769124c05bbbcc906408e53dc2cf19e90498c57
- SHA512
  
  a1baf619c4d4fe993140cf07c446b69db04dc5a877dd4bcc2e36d164520767558458995c14b165fec57076e2f45911aa049243e625fb1e72945e183e692a6ad0
- SSDEEP
  
  768:R61hRMG+F36Z0/tYUjgAJaoNjy+r5zmBU/xb9YuzGsJh7cdV57dOSA4f8:R6/R3O36Z0/tEyaoNjy+r5zmBMhwf8
Score

1^/10
behavioral21
- Target
  
  Narrator.exe
- Size
  
  596KB
- MD5
  
  e394fa14eca0d2c0a098c35d543ff79f
- SHA1
  
  67a4f1353e17b49671d97d68e5df06558362600a
- SHA256
  
  4801e79129c89c39df996da3be23b0af3f4f9715f2d36ec75ac8fc6708ddc0bf
- SHA512
  
  90ee47013c9998a891569914e615c44852a4d25c532cefd73c09136fb30fec63c7351f3f437bc0fe6db5806ef74f02f042ab83174d140b617c6ddaf72d1673a5
- SSDEEP
  
  6144:TvPjItGMH6WIN9AejyGePQhLdvJS3lptAy+7vJj3bO3TJjaVL+Kzrr4x8:Tctvc7AeyPQZJgV/e7vlyjTKzrA8
Score

3^/10

persistence privilege_escalation
behavioral22
- Target
  
  NetCfgNotifyObjectHost.exe
- Size
  
  96KB
- MD5
  
  cf57ca3a3e0b35c39da669594a62085f
- SHA1
  
  5396cb7585c474d64a579c9cd789b31b95b4e341
- SHA256
  
  32ea8b4937de1ffb4c12b84725c86c17d8c30c794acc2d34805906b140e92e38
- SHA512
  
  188bd4a4ac5037d8c67e18dc958ffc929317ef1be1b518f19c84fd65f093bd2f5f7e19554ab5fa7e36a8a7948ed0abc69e5d293cc9b1f800686d74f0320d22e1
- SSDEEP
  
  1536:V8NBUlnCYtJCLGhXNi8ArWUS47M9h5Lr6X0hkJyAE4MY:VyOGGfWjxY9WOCyb4F
Score

1^/10
behavioral23
- Target
  
  NetEvtFwdr.exe
- Size
  
  52KB
- MD5
  
  11b968dfc7bd01236375a5687c593a79
- SHA1
  
  c0a396d2edce038d92a93b72cf0f4a4afa2af223
- SHA256
  
  7fca1bfc349dcad174017969f51e75aa68f0be1998a6d97ec2a3142fa1409fab
- SHA512
  
  c33d30281050b08db68e9ad99ffde1e0331ae4e58457444039552eccb826be19175216f7752b5f778377bec2d8cdce94aa15055773e26b4fceefe61a92c2d2fd
- SSDEEP
  
  768:rv8itTnTqnZTxljtqDJpfRfj8F8mrOSUiYA5iAiZrk/IRy:HBaZTXtqDJpfyF8mrODiYTAiFk/IRy
Score

1^/10
behavioral24
- Target
  
  NetHost.exe
- Size
  
  32KB
- MD5
  
  f922f6fa603eee3db5dfb1916de57699
- SHA1
  
  ddae237fbb273127c975ab4bf99b2583a25625c5
- SHA256
  
  4995247022a423d46cd28e5fa2ec92da287a1a130ef4ca44d668fedc9d9d00da
- SHA512
  
  83cea0ccc652b44df6ea8c6576d4123ad166bc78bf7289f96394742f3f3cacaa20cab15d5ab4cbb60c0d1b14e3cdb6e2a0ff67627c570c1e6a291de747abccf1
- SSDEEP
  
  192:S7D5cmzQNJlIYXqJxftZaafkfHwpWdkqW:aNnQT6Y8pKTfQpWdkqW
Score

1^/10
behavioral25
- Target
  
  Netplwiz.exe
- Size
  
  64KB
- MD5
  
  c4995e0f246fb240980117067d279abf
- SHA1
  
  bdf17cc4125fcd3d5acd94f5fe7b2486913dfcd6
- SHA256
  
  8011f12e0e13336b432c3f3640894ed5ac1c18fa20ef214c3f6efdd61f268e89
- SHA512
  
  4dee8de1532cbce34c82d242d38bedcea014bd56f14606bdf9a22a6b20e5b5b112c8fe561ea20f07734e4469d198a3e016deb38fe5e2f05be6468e50a4b95b8f
- SSDEEP
  
  768:gA3tPkEiajYz462Vo/hnGkrWWEE9TuDUBUiysJqfUrh6WeENiJDBPrxZt48:gKkFr/hn/zEmUiycNeWSDBPrxZa8
Score

1^/10
behavioral26
- Target
  
  NgcIso.exe
- Size
  
  546KB
- MD5
  
  1e831a5ef4fb38bba50fbd4962cb6f5d
- SHA1
  
  69f519e9d92fe45694dfa12825231bfed7434134
- SHA256
  
  c167091f4b985fd8eaf1194697e22d646dc0ca8e01fb68d0cf5bfbe6136c0ae9
- SHA512
  
  125eaae6f729b156c74f371c364f0bd15d870ab4aec48bb3187666c4347747ba15d59e4f2f1f6d905dcc0ed5e53f67b9a081e312abb695e733d9bf9201fa9660
- SSDEEP
  
  6144:8+N2iMBPcsYPjsNWUXlBs7ogaRdKTOFmfdTFcVilRggWAZaZt+pSpyRJXAG+rzE:81BPcFrLql2wKTucpNWAZaZt+tdqE
Score

1^/10
behavioral27
- Target
  
  OOBE-Maintenance.exe
- Size
  
  122KB
- MD5
  
  ae73e963cbf32ea1192922427a54cfd3
- SHA1
  
  ce8ad573c527ab9b8af5ff359b8cb6bb17179b21
- SHA256
  
  ebf8d61e11ac5d72511ec6e7116ab5585632abea82834adce487478175206f8c
- SHA512
  
  a36f91c775b930dd0290a2e6e39215fa6c65f4b87695d204257aa364cef67ac8ff760de8796552a71ab52ce65fb077a80a34e1b1b466c82b9b912d1faa13b35f
- SSDEEP
  
  1536:6uYvqHC2n3GyNFhX/Ah1IK+dj+MxxIkL7omIcoKCE45nHQlgYNILPfzm:6STn3hHE1IK+F+MxGuVIctBKXa
Score

1^/10
behavioral28
- Target
  
  OneDriveSetup.exe
- Size
  
  48.0MB
- MD5
  
  1382660b084b8791b400739542442783
- SHA1
  
  3ecbe73642812498f3e4fad5dc47f8a9573fd4fb
- SHA256
  
  48a181bb27dcdffbf2d467e6004a40677b68d2d07399dd87f5ee0a2b51e5837c
- SHA512
  
  8d49071449384678794a0188bad7b3cdfb2c90e11b36b5923b38362dbf21fb98188f5eafc5d5b41f6dfc8ed5d88335600a17c044af05f1afa8a989d86c7463f2
- SSDEEP
  
  786432:2QAM/bg9LA622CSAqL7Xis205pR40RKBVLiRIBqVbCj1/IwInTVk0:26D2NlbF5pHKQXbCJ/IA0
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral29 behavioral30
- Target
  
  OpenWith.exe
- Size
  
  154KB
- MD5
  
  652c3127b5da80d10c0089f85414205f
- SHA1
  
  5e93aa48b2508ddb47e218c9903ada0c851b8ba1
- SHA256
  
  11087185d089bcf1a57be895af6e9ff736dbe7cf53392ca48dbc76fe05eb890b
- SHA512
  
  a4f9a61eacf14671a823d666a4edf5bb7428908857603a1e471af9422b171134d07783cac92b6e974c637fb14157cb4a0446b0d4c38d2fa3dbbe90be16e494ea
- SSDEEP
  
  3072:jC9fSZL0zImXE+CvNJyy7EMiztkPfnV2dUhRMrer+CE+GI5XM:cfG0ImXE+CvNJyOEhwfnIdUhaeLE+GKc
Score

1^/10
behavioral31
- Target
  
  OptionalFeatures.exe
- Size
  
  132KB
- MD5
  
  622bc3e86c0ab39f0cce11072f808349
- SHA1
  
  dca438f37068180168a1fcd5b868bec282766182
- SHA256
  
  e6ec7d58e0ff6de0fc0e1e1f3f8c3fae84d7dd0817e3eaae0ab0d560172f4c53
- SHA512
  
  a08e2946a07009589fe55e1e81e49ee6c176a8c3693e90a79b59891598892842d3987a10287b8bf4982fbdd10305abc6542ef9a2cd76621c62e6f50ec4a0f331
- SSDEEP
  
  3072:3M9cG4bEaznWfH22ZsuX2xKwMPTnaSrIrvDZ:3ScGGznWjZnXeKwMLnaqY
Score

1^/10
behavioral32