General

  • Target

    12noon-alarm-plus-plus-setup-x64.exe

  • Size

    3.4MB

  • Sample

    240918-zxvbeatejl

  • MD5

    c5e6e9ff9ab3dd565ed430ff745a5014

  • SHA1

    a817367a96790ef64a3df6cca9c3470fc2e41bf3

  • SHA256

    51291ed880000172b7b74827cdbeb6b9f81d714dba9f9f0d8390b11c2329e5c3

  • SHA512

    4184c8921859ddd7610714cad5409c8ef3f5be39bf4e3133dcebfef3b244ad2f88d4fed0e3a3d28c46c994827de6fb13b11595fa7f92735e4b40a24ec50e65d9

  • SSDEEP

    98304:HXZyJCV6D//lO4UVRZClz9Wpvq4w7lYmMSZaMVO4RZNr9T7c7NNZ1:HJy+E//lO4MI9WRq4LmMSZhrT9T7c7Nh

Targets

    • Target

      12noon-alarm-plus-plus-setup-x64.exe

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      564bb0373067e1785cba7e4c24aab4bf

    • SHA1

      7c9416a01d821b10b2eef97b80899d24014d6fc1

    • SHA256

      7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

    • SHA512

      22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

    • SSDEEP

      192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      48f3e7860e1de2b4e63ec744a5e9582a

    • SHA1

      420c64d802a637c75a53efc8f748e1aede3d6dc6

    • SHA256

      6bf9cccd8a600f4d442efe201e8c07b49605ba35f49a4b3ab22fa2641748e156

    • SHA512

      28716ddea580eeb23d93d1ff6ea0cf79a725e13c8f8a17ec9dfacb1fe29c7981ad84c03aed05663adc52365d63d19ec2f366762d1c685e3a9d93037570c3c583

    • SSDEEP

      96:oFsvUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YuNqkzfS:oFsvWyNO81b8pCHFcM0PuAgkOywIFc

    • Score

      3/10

    • Target

      Alarm.exe

    • Size

      4.9MB

    • MD5

      bd97e25710be6cb4c8f61d13c86676b9

    • SHA1

      e8ad196dfc3373f6942cfbd27e7bb69d0d8e3efd

    • SHA256

      c17a493f0d9daaa19b0c9549633f0c7f566a0cf36aa6908aa155ec16d9db3939

    • SHA512

      41d2c266923880391eb7b4403c249af1f0a1ba62559cdce30ac1ed19bcf827f0c265b578a2cc3af98f79fe9f5f26ba195206adb80d941ffc1fe9c51a0ee66c5e

    • SSDEEP

      98304:/d7ZlezkEw/x9qpFLOAkGkzdnEVomFHKnP:jlBL9qpFLOyomFHKnP

    • Score

      1/10

    • Target

      Uninstall.exe

    • Size

      89KB

    • MD5

      47240589d78c03e8927e7ca1e4220c20

    • SHA1

      7a5b6f3de1975550d85e709836f5ba832bc62829

    • SHA256

      02e72d4f78d95c4edaf4d8f6d9b21740942801e3fe8b8b20918fb223c5494e83

    • SHA512

      b3793c9f92684fcd9acc5342bbc29ef531f6511161e40afe7c7dc0e14857b9d3830439913b326782d5a33b4f6a9fc16f6a473ae81c3d61e2402e1c7e14f407ae

    • SSDEEP

      1536:gQNRwF/6HWFDw2ShOp0DiJkugYRN6QcIg0BGNmFFQLAs98jkOtvzG:7NRCywDw1DiJkugqBwIUFOFvi

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

