788611be1e0382e629dd81fc1720c1ba44ce0b5021ef274031b98e323d1a9a47 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

watch.html

windows11-21h2-x64

8

Resubmissions

17/09/2024, 02:35

240917-c3asmazhmp 6

09/09/2024, 22:53

240909-2t82havbjm 8

09/09/2024, 22:50

240909-2sh4pavalr 3

Sharing

Copy URL Twitter E-mail

General

Target

watch
Size

763KB
Sample

240909-2t82havbjm
MD5

355dce704cbbb456ccdead0de93935e1
SHA1

37fce09672e9262ab3755412b716f59cc7c93187
SHA256

788611be1e0382e629dd81fc1720c1ba44ce0b5021ef274031b98e323d1a9a47
SHA512

7df8080972514bc54a906b499e8e67af061279778f5601f5214c104814db00a8a05d58159393897a0128388b43d6242b9252e556ecab932bbdf85468e46e4441
SSDEEP

6144:+J8Gy3GyNGyEGy/GygGyEGy0GynGy3GyDPkmC6dbq4eGOPv3vt93nr3jHUGpIZh1:+6GOGGGXG2GvGXGhGKG8G2Pn49I

Score

8^/10

collection defense_evasion discovery execution upx

Static task

static1

Behavioral task

behavioral1

Sample

watch.html

Resource

win11-20240802-en

collection defense_evasion discovery execution upx

windows11-21h2-x64

28 signatures

600 seconds

Malware Config

Targets

- Target
  
  watch
- Size
  
  763KB
- MD5
  
  355dce704cbbb456ccdead0de93935e1
- SHA1
  
  37fce09672e9262ab3755412b716f59cc7c93187
- SHA256
  
  788611be1e0382e629dd81fc1720c1ba44ce0b5021ef274031b98e323d1a9a47
- SHA512
  
  7df8080972514bc54a906b499e8e67af061279778f5601f5214c104814db00a8a05d58159393897a0128388b43d6242b9252e556ecab932bbdf85468e46e4441
- SSDEEP
  
  6144:+J8Gy3GyNGyEGy/GygGyEGy0GynGy3GyDPkmC6dbq4eGOPv3vt93nr3jHUGpIZh1:+6GOGGGXG2GvGXGhGKG8G2Pn49I
Score

8^/10

collection defense_evasion discovery execution upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondefense_evasiondiscoveryexecutionupx

© 2018-2025

Terms | Privacy