405610d77e492d3254073e37c6c70eac8b52c91659a22cb47bfe7e5f998a73af | Triage

Submit
Reports

Overview

overview

7

Static

static

1

priority_pedantec.msi

windows7-x64

7

priority_pedantec.msi

windows10-1703-x64

7

priority_pedantec.msi

windows10-2004-x64

7

Sharing

General

Target

priority_pedantec.msi
Size

4.1MB
Sample

240824-3pkzjswepc
MD5

11f8051d80cf6c474d33df17e420ac5a
SHA1

44115b2f8c2a684bf1ae7035f329e7ad72e56973
SHA256

405610d77e492d3254073e37c6c70eac8b52c91659a22cb47bfe7e5f998a73af
SHA512

adae7179e83d0e341abe78283ba1bf09af7bce0e9118e4ba75a2442544af981db10778d11890183476811a701bb29b2d32aaac7244c8923d96d60b40c8c52433
SSDEEP

98304:R9gaTY/eB9FkaeGFxn0OaT8EJk3WdCFA5:rxTY/CTiY+xTo

Score

7^/10

discovery evasion persistence privilege_escalation spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

priority_pedantec.msi

Resource

win7-20240729-en

discovery evasion persistence privilege_escalation spyware stealer trojan upx

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

priority_pedantec.msi

Resource

win10-20240404-en

discovery evasion persistence privilege_escalation spyware stealer trojan upx

windows10-1703-x64

25 signatures

150 seconds

Behavioral task

behavioral3

Sample

priority_pedantec.msi

Resource

win10v2004-20240802-en

persistence privilege_escalation upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  priority_pedantec.msi
- Size
  
  4.1MB
- MD5
  
  11f8051d80cf6c474d33df17e420ac5a
- SHA1
  
  44115b2f8c2a684bf1ae7035f329e7ad72e56973
- SHA256
  
  405610d77e492d3254073e37c6c70eac8b52c91659a22cb47bfe7e5f998a73af
- SHA512
  
  adae7179e83d0e341abe78283ba1bf09af7bce0e9118e4ba75a2442544af981db10778d11890183476811a701bb29b2d32aaac7244c8923d96d60b40c8c52433
- SSDEEP
  
  98304:R9gaTY/eB9FkaeGFxn0OaT8EJk3WdCFA5:rxTY/CTiY+xTo
Score

7^/10

discovery evasion persistence privilege_escalation spyware stealer trojan upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Event Triggered Execution

Component Object Model Hijacking

Installer Packages

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Event Triggered Execution

Component Object Model Hijacking

Installer Packages

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

System Binary Proxy Execution

Msiexec

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationspywarestealertrojanupx

behavioral2

discoveryevasionpersistenceprivilege_escalationspywarestealertrojanupx

behavioral3

persistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy