ade189690b14affe9b5af5e99d70e289ecfbd462d663726c5e44bd41cd2e736d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c22323ff4c81c5e26eb8925c2ba961dd8b89af01870b42eae013fefb6af96a26.zip
Size

4.3MB
Sample

240911-1xtwbavgmm
MD5

08577b69689525b4a003407a8efc0075
SHA1

b38ec35bedbd8de5c3179cc523074a83f9b3820f
SHA256

ade189690b14affe9b5af5e99d70e289ecfbd462d663726c5e44bd41cd2e736d
SHA512

3eae489267aa6d5f882d9d8db3084be1f05a5c89c12dfbd3ba02f8be9fbdfa74ae14a740b7acc3ce41702ac1d3ebf0b230771b7517d21004d2fa98a28725e5a3
SSDEEP

98304:5O1FUUCQ6334Czy1XbpDxGZHgsdUQcRgy0W5RBRcXchxDO:5mZ+DmJy5geYgyLlRcXcHO

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  c22323ff4c81c5e26eb8925c2ba961dd8b89af01870b42eae013fefb6af96a26.msi
- Size
  
  11.6MB
- MD5
  
  3a6101c4ccbae1b5c2431eaeb10652a8
- SHA1
  
  32dda77c212cd6d96440ba1feb4f4dd5f1694e66
- SHA256
  
  c22323ff4c81c5e26eb8925c2ba961dd8b89af01870b42eae013fefb6af96a26
- SHA512
  
  c3cc94694ee2998212a4b4b20619face3c59eaafff4d9c6af94a5721510f0649a39a4da0ae9c877fddb6a40578d9b79dc8c0dbf60adc6f3a949fa2b33eb9e522
- SSDEEP
  
  98304:JclnTYxmK4IgWkxvSLy/9r3ZZHXLceWuJvSfBfjQ0:JsnTu5uVr1JUbQ
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation