Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://
Executes dropped EXE: 1 IoCs
Loads dropped DLL: 11 IoCs
Blocklisted process makes network request: 2 IoCs
Enumerates connected drives: 3 TTPs, 23 IoCs. Attempts to read the root path of hard drives other than the default C: drive.
Legitimate hosting services abused for malware hosting/C2: 1 TTPs, 2 IoCs
Drops file in Program Files directory: 64 IoCs
Drops file in Windows directory: 21 IoCs
Browser Information Discovery: 1 TTPs. Enumerates browser information. (discovery)
Enumerates physical storage devices: 1 TTPs. Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery: 1 TTPs, 3 IoCs. Attempts to gather information about the system language of a victim in order to infer the geographical location of that host. (discovery)
Enumerates system info in registry: 2 TTPs, 3 IoCs
Modifies data under HKEY_USERS: 5 IoCs
Modifies registry class: 30 IoCs
Suspicious behavior: EnumeratesProcesses: 7 IoCs
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary: 2 IoCs
Suspicious use of AdjustPrivilegeToken: 64 IoCs
Suspicious use of FindShellTrayWindow: 34 IoCs
Suspicious use of SendNotifyMessage: 24 IoCs
Suspicious use of WriteProcessMemory: 64 IoCs
Resource
win10v2004-20240802-en
General
-
Target
http://