General

  • Target

    OfficeSetup.exe

  • Size

    7.3MB

  • Sample

    240905-x58gwsydnh

  • MD5

    35f798a20de51b861b99ca12b9b3f64c

  • SHA1

    af257c607b4acd6d907198cffa786af42fc1caef

  • SHA256

    81d658a8106b78814247536ef6f9a3d512651dc0ff80f32104e63c7a1b1f0a20

  • SHA512

    f1421f8625b3260ee2def355e04a5a192a464991270eb50b4a245013cf877b92ee8034993b0244f0a8867c4c2a1c26717fa774400880ad6f95ef95abc2a4169c

  • SSDEEP

    196608:/p5Cb2YXiKFP390aKx/ImUgp3phkxODw2s8aI6HMaJTtGb/:7VmFV0Xx/ImUQpNs8

Score
7/10

Targets

    • Target

      OfficeSetup.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
