General
Target: ImproX_USB_Win_8_and_10.zip
Size: 16.4MB
Sample: 240913-jh493a1hlr
MD5: 0a7e6896ab267dfd5f31bd90ff57c7b6
SHA1: 901724b13d98a498d4d0ceef1e632475228c5879
SHA256: 268c8554da70090e8893d7468ab6b1156391b80c8513a73eca9035733ee43593
SHA512: 7ee51d84a394019ac2267c24918320cef94c66d5ba319f1c8263ea2fad37f3a785cf35ebe60d0e96fd3089f9f57c3d764442b07278b88740e852d06c9fab981a
SSDEEP: 393216:asxUe7ps8TX7osACIGcfUYlWpdg9d9gN8P71UCSBv:asTpzTVtIRUYlOdg39gQUCy
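Before relying on any of the behaviours below, confirm that the copy of the archive you hold is the one the sandbox analysed. The following is an added example (not part of the report or of the vendor's software) that recomputes the four exact digests listed above in one pass and compares each against the published value; the SSDEEP fuzzy hash is not in the Python standard library and has to be compared separately with the ssdeep tool.

```python
"""Verify a local sample against the digests published in a sandbox report.
Added example, not part of the report. The expected values are the ones the
report lists for ImproX_USB_Win_8_and_10.zip."""
import hashlib
import hmac
from typing import Dict

# Digests copied from the General section of the report.
REPORT_DIGESTS = {
    "md5": "0a7e6896ab267dfd5f31bd90ff57c7b6",
    "sha1": "901724b13d98a498d4d0ceef1e632475228c5879",
    "sha256": "268c8554da70090e8893d7468ab6b1156391b80c8513a73eca9035733ee43593",
    "sha512": "7ee51d84a394019ac2267c24918320cef94c66d5ba319f1c8263ea2fad37f3a785cf35ebe60d0e96fd3089f9f57c3d764442b07278b88740e852d06c9fab981a",
}

CHUNK = 1 << 20  # read 1 MiB at a time so a 16 MB archive is not loaded whole


def digests(data) -> Dict[str, str]:
    """Compute every digest in REPORT_DIGESTS in a single pass over `data`,
    which may be bytes or a binary file object."""
    # MD5/SHA1 serve only as identifiers here; usedforsecurity=False keeps
    # hashlib usable on FIPS-restricted builds (Python 3.9+).
    hashers = {name: hashlib.new(name, usedforsecurity=False) for name in REPORT_DIGESTS}
    if isinstance(data, (bytes, bytearray)):
        chunks = [bytes(data)]
    else:
        chunks = iter(lambda: data.read(CHUNK), b"")
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(data, expected=REPORT_DIGESTS) -> Dict[str, bool]:
    """Return {algorithm: matches?} for each published digest. A mismatch on
    any one algorithm means this is not the file the report describes."""
    actual = digests(data)
    return {name: hmac.compare_digest(actual[name], value.lower())
            for name, value in expected.items()}


def verify_file(path, expected=REPORT_DIGESTS) -> Dict[str, bool]:
    with open(path, "rb") as f:
        return verify(f, expected)


if __name__ == "__main__":
    import sys
    for name, ok in verify_file(sys.argv[1]).items():
        print(f"{name:6} {'OK' if ok else 'MISMATCH'}")
```

Run it as `python verify.py ImproX_USB_Win_8_and_10.zip`. Every row should read OK; a single MISMATCH means the report's findings do not apply to the file in hand, however similar its name.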
Static task
static1

Behavioral task
behavioral1
Sample: setup.exe
Resource: win10v2004-20240802-en

Behavioral task
behavioral2
Sample: vcredist_x64.exe
Resource: win10v2004-20240802-en

Behavioral task
behavioral3
Sample: vcredist_x86.exe
Resource: win10v2004-20240802-en
Malware Config
(none listed)

Targets

Target: setup.exe
Size: 3.7MB
MD5: c0fe59a9ea8ab8248d221c9008d92be3
SHA1: 43958341bacc33b0c33d1e37700dda86cef35228
SHA256: 08409ec3b4031df24306d19da45eb753adc542394b33d56616a57d637fa6348a
SHA512: c1a34bd32e3dbd0a91bef8f135eef904d96389b590678704a5077df9c38fdb4de5322f9cd96ae992bb548e0ff73ae2171e9afee9a17f7a94390a13c5033bf79f
SSDEEP: 98304:I32NWl57blIBXlXgLT0dUTN08r4k3/BICs5t:pK57blIB1ETMlOyCit
Score: 8/10

Manipulates Digital Signatures
Writes to the Authenticode and Cryptography registry keys. Attackers change these keys (the SIP and trust provider registrations Windows consults when it validates a signature, or the root certificate store) so that their own binary validates as correctly signed. Installers that register a legitimate SIP or root certificate touch the same keys, so check exactly which values were written before treating this as malicious.

Executes dropped EXE

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in System32 directory
Target: vcredist_x64.exe
Size: 6.9MB
MD5: ba2c17a20b2b1d8a30f96d53e2632a68
SHA1: abe47e4996cf0409a794c1844f1fa8404032edb2
SHA256: aa78fef82d386f709cc36dbe5bc5a67f34887d8a37c61e67b06543d1d82c9e2a
SHA512: 7aa501ff0475cfc34adf99f660e5d13e1bae73ece48f6425586183b56628267bac651b5c17bcd919cce1bc535289c9a77a9cf1c0cd47706217b81ed37965b638
SSDEEP: 196608:fB+pVNJVHmfa4SGSntdO+svVyw9g5jks5ypB6r3MT:J+pV1Ya482YSXa6B+3U
Score: 7/10

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Target: vcredist_x86.exe
Size: 6.3MB
MD5: a8d5962623206751bdd4416d140ae7c5
SHA1: d292afddbae41acb2a1dfe647e15336ad7375c6f
SHA256: 1cf499658295622956a0dedbb70a414c1a6157e1b7ee606fd9f7afccccea60db
SHA512: 30cd79eb4700bf535cd24c45488b015ce92c12304af0278b79ebf0d74b34ba719b50c6e5fb4ad6fc90372380579bfb1af5b906525110caa51f474e0570cb81be
SSDEEP: 196608:QzuvBUapXrFJXTtDeXzYx3np2eTIloA/1o:Iu/DpszYx3nMe4/1o
Score: 7/10

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Reading the scores: vcredist_x64.exe and vcredist_x86.exe carry the file names of the Microsoft Visual C++ redistributable installers, and the behaviours flagged across the three targets (executing dropped executables, loading dropped DLLs, writing to System32, enumerating Uninstall keys for previously installed versions) are normal for software installers. The score is a heuristic severity for those behaviours, not a verdict. The 8/10 on setup.exe rests on the registry writes under the Cryptography keys; confirm it by checking the sample's hashes against a copy obtained directly from the vendor and by inspecting which values were written.
MITRE ATT&CK Enterprise v15 (counts in parentheses as given in the report)
Defense Evasion
Modify Registry (1)
Subvert Trust Controls (2)
  Install Root Certificate (1)
  SIP and Trust Provider Hijacking (1)