Resubmissions

04/09/2024, 18:19

240904-wyncpsvbjp 8

04/09/2024, 18:12

240904-ws7t6avapj 8

General

  • Target

    PolicyPlus.exe

  • Size

    363KB

  • Sample

    240904-wyncpsvbjp

  • MD5

    412e1ca22a531bb23f5878e6e3c0bb5b

  • SHA1

    842928fd7ae2747e06e7b2b5a5aa1272e4fa992b

  • SHA256

    dca4ecd769253d3b4a165a5bbadbb7ce48aa89451b46eb05185f922e931da156

  • SHA512

    d2c8af286e88fad2fa9d41112ffd27e2bddf10d95bb3303e16db492f1db0c7c98bf520569bc073267f94b4ffe1b743db46ee0e6bf8bd71711b9681a42bd96cf7

  • SSDEEP

    6144:yRjUWuI0O8oo2roRO4T59qyosClB7apUf7CX7RU6NE:t48oo2ssK7RU6m

Score
8/10

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks