General
Target: KMSAuto++2022.7z
Size: 18.1MB
Sample: 240829-j2cn6a1clf
MD5: 0cf6ea524946406f6bfc7ebcdfea8ca6
SHA1: 136f399a4ac9173a434d735179429b0e88b7e519
SHA256: 7dae966a4f5f9f27f780bd28a8c4fc79f1a3d7e12cfc988052d27e3dd5136bb5
SHA512: 3cdb5db312ed5b26f5625f7b4b51ffd4d8acbc2c5f03d0afe890b1057b4273a4943fa512f249ef0fc121751a8a61c69ae1a0475de6365807c26e3eb54d8ac910
SSDEEP: 393216:XDqNFPTgw6EcjJV1c6QaK1Gz8YvDQc/tTPrPU1/4YjFw62R/eqrT5eyS7fSHbhOe:XuNV8wDcjVPQLjYZHPAQYjFcRvTxnb1

Static task: static1

Behavioral task: behavioral1
Sample: DisableActivationConfig.reg
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: DisableActivationConfig.reg
Resource: win10v2004-20240802-en

Behavioral task: behavioral3
Sample: EnableActivationConfig.reg
Resource: win7-20240729-en

Behavioral task: behavioral4
Sample: EnableActivationConfig.reg
Resource: win10v2004-20240802-en

Behavioral task: behavioral5
Sample: KMSAuto++v1.6.4.rar
Resource: win7-20240705-en

Behavioral task: behavioral6
Sample: KMSAuto++v1.6.4.rar
Resource: win10v2004-20240802-en

Behavioral task: behavioral7
Sample: NET_Framework45_Full_setup.exe
Resource: win7-20240704-en

Behavioral task: behavioral8
Sample: NET_Framework45_Full_setup.exe
Resource: win10v2004-20240802-en

Malware Config
Targets

Target: DisableActivationConfig.reg
Size: 8KB
MD5: 40a2e9b664e756d6b16219c9eabe7240
SHA1: 99a25dc9749010f0ffc4c8537f316f59c000db59
SHA256: 4f52e5ae1169093332b4f4cb1fb2c7e1d3f501cbec63db860662c7e2985cfdf6
SHA512: 38685e92fa9cf38d2a26ec14ad6f10ea6d273181a4872f05430c84dc62e248673e6f88360570aceaf5e08885a5c7bd32ccef1cab61e216924f33f3180e82d09c
SSDEEP: 96:+fhRUvavVK6UYUz0ePGEp2j93UayQYZmBSxChCYtC98nGuMt9FIXe8IXIjhOQHye:Mvv93UayQ7BUaJt888epB
Score: 10/10
Modifies security service

Target: EnableActivationConfig.reg
Size: 8KB
MD5: c0cbf9633b05c3de5e43d1ca2fdec32c
SHA1: 8decff71f416aeaed6f57606c86b30483779ce8b
SHA256: 0ab58e5d5adf5161f21a052071d6a09f61a3f9794f53fa1ff47face3c1227b48
SHA512: e0feb2435544234df68bfb8428e772b61b824392d2e3b541822bac713075de036402582f23b9edfd865b3523684d99d03c6a5e7a208877e046c9c6159c758fba
SSDEEP: 96:2yQYZmBSxChCYhRUvCC98nGuMt976UYUz0+IXePGEp2j93USfbvVK8IXIjhOQHy+:2yQ7BUaJL888c193UIp9B
Score: 10/10
Modifies security service

Target: KMSAuto++v1.6.4.rar
Size: 17.3MB
MD5: 12527a9f23b70166bec6d442ef7900fb
SHA1: 513dd13e66729b62ecb2d4426b38fcd746675451
SHA256: cfae3ff63f4e8e07d6577d96abedbfb16611b395c7af8e24cd4dd7da07563ca0
SHA512: bb428e8d3c1150965b66f08a8d67dee65b40a5ee60bf91439b322d67f370109f791816710ed13e641fed9fd17a2d0d7f7b99b93d92afeba95dfce296e08adb32
SSDEEP: 393216:O4/ve8+GJXtX9++cWt1jhZTWxeBmnTd2MB2aD+D06+X4uNoT:O4HpXdtX9FfhZTWxepCiDH+ouNk
Score: 3/10

Target: NET_Framework45_Full_setup.exe
Size: 982KB
MD5: 9e8253f0a993e53b4809dbd74b335227
SHA1: f6ba6f03c65c3996a258f58324a917463b2d6ff4
SHA256: e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a
SHA512: 404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0
SSDEEP: 24576:3idS2cRQNb9dUcyezFSja7zEwA2BH6SEUVGDKX68zuQm6wwr5mAPepC:SQ2cRQh9GexmCxBxVV56CmWQax
Score: 7/10
Executes dropped EXE
Loads dropped DLL

MITRE ATT&CK Enterprise v15

Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Create or Modify System Process: 3
    Windows Service: 3

Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Impair Defenses: 4
    Disable or Modify Tools: 3
  Modify Registry: 6