1d144d8d909acdc149adeefd0434914dbc0c385aa45b70798927e1e564a2fcb3

Sharing

Copy URL

Twitter E-mail

General

Target

7tt_setup.exe
Size

1.8MB
Sample

240920-264ybatclf
MD5

8b4f8b4ed27c1e4a701c8d653665cd50
SHA1

0e052e38eec0bb02d695392f145330be2cac08c4
SHA256

1d144d8d909acdc149adeefd0434914dbc0c385aa45b70798927e1e564a2fcb3
SHA512

804d16097812ea42db117f60485218546e6571b4808ef6394425cea0f23dd1f532898a815a86a471b2ddd890dfa8a380f968cfea1fc05352c1c85e40c792cfa7
SSDEEP

49152:KcCNRQ3JmgQt8rEd2PhW+OfuhJYdET7fXeXKNrSxt7:K+mgQQ+Iq2hJO47/eMg

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  7tt_setup.exe
- Size
  
  1.8MB
- MD5
  
  8b4f8b4ed27c1e4a701c8d653665cd50
- SHA1
  
  0e052e38eec0bb02d695392f145330be2cac08c4
- SHA256
  
  1d144d8d909acdc149adeefd0434914dbc0c385aa45b70798927e1e564a2fcb3
- SHA512
  
  804d16097812ea42db117f60485218546e6571b4808ef6394425cea0f23dd1f532898a815a86a471b2ddd890dfa8a380f968cfea1fc05352c1c85e40c792cfa7
- SSDEEP
  
  49152:KcCNRQ3JmgQt8rEd2PhW+OfuhJYdET7fXeXKNrSxt7:K+mgQQ+Iq2hJO47/eMg
Score

10^/10

discovery persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  549ee11198143574f4d9953198a09fe8
- SHA1
  
  2e89ba5f30e1c1c4ce517f28ec1505294bb6c4c1
- SHA256
  
  131aa0df90c08dce2eecee46cce8759e9afff04bf15b7b0002c2a53ae5e92c36
- SHA512
  
  0fb4cea4fd320381fe50c52d1c198261f0347d6dcee857917169fcc3e2083ed4933beff708e81d816787195cca050f3f5f9c5ac9cc7f781831b028ef5714bec8
- SSDEEP
  
  48:S46+/sTKYKxbWsptIp5tCZ0iVEAWyMEv9v/ft2O2B8mWofjLl:z+uPbO5tCZBVEAWyMEFv2Cm9L
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  192639861e3dc2dc5c08bb8f8c7260d5
- SHA1
  
  58d30e460609e22fa0098bc27d928b689ef9af78
- SHA256
  
  23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
- SHA512
  
  6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc
- SSDEEP
  
  192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  b7d61f3f56abf7b7ff0d4e7da3ad783d
- SHA1
  
  15ab5219c0e77fd9652bc62ff390b8e6846c8e3e
- SHA256
  
  89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912
- SHA512
  
  6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8
- SSDEEP
  
  96:ooEv02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YMNqkzfFc:ooEvCu5e81785qHFcU0PuAw0uyyIFc
Score

3^/10

discovery
behavioral4
- Target
  
  7+ Taskbar Tweaker.exe
- Size
  
  478KB
- MD5
  
  2a3fb32d226697b187e096ef015e4721
- SHA1
  
  4e8d22135072f9a61e517300b25477ee7db9c038
- SHA256
  
  8d5ae8da6321c571dd089afcf4c5eb0cc147d22df26a3707b9b2980ecac9af78
- SHA512
  
  4e828c3d8b09b4c9df6552d8c37def969d85ef25b26a266ec3ef57353c734fe4f96b2b1a63310ba9d98d85b2d24b5eb5600c2d213927ca86063019fffbdd532a
- SSDEEP
  
  6144:tZbiAeXNq3lnSSQg39Tlg1ASntD0oqYSGmOCQXl3zVG0:tZbixs3lSSQg39+1/aYSGjC8K0
Score

1^/10
behavioral5
- Target
  
  bin/64/7+ Taskbar Tweaker.ex2
- Size
  
  478KB
- MD5
  
  2a3fb32d226697b187e096ef015e4721
- SHA1
  
  4e8d22135072f9a61e517300b25477ee7db9c038
- SHA256
  
  8d5ae8da6321c571dd089afcf4c5eb0cc147d22df26a3707b9b2980ecac9af78
- SHA512
  
  4e828c3d8b09b4c9df6552d8c37def969d85ef25b26a266ec3ef57353c734fe4f96b2b1a63310ba9d98d85b2d24b5eb5600c2d213927ca86063019fffbdd532a
- SSDEEP
  
  6144:tZbiAeXNq3lnSSQg39Tlg1ASntD0oqYSGmOCQXl3zVG0:tZbixs3lSSQg39+1/aYSGjC8K0
Score

1^/10
behavioral6
- Target
  
  bin/64/inject.dll
- Size
  
  333KB
- MD5
  
  9df78b34f4a7103527568131469af806
- SHA1
  
  545b46d72a4661b4f631dfb33be704552669b086
- SHA256
  
  d1a1ffc13409eaedb53467a14745fcd86d0c9ee09dcfaaa4475fa9ba4e2627a8
- SHA512
  
  6b3ace500d4a66ccd7b95d58b3f6d2871f6e9ac37a97f3604d30f8d86cb541c7cc502cdffbc420a59535579c74a7c6319645751a51191a0633ea19a64f54f1f7
- SSDEEP
  
  6144:/RCxc4MNvLNrsUq0muhl5KSae9Mq1OuSn+wooyQx:/R6c4OvRdqKqeKqnS+wZx
Score

8^/10
- Blocklisted process makes network request
behavioral7
- Target
  
  inject.dll
- Size
  
  333KB
- MD5
  
  9df78b34f4a7103527568131469af806
- SHA1
  
  545b46d72a4661b4f631dfb33be704552669b086
- SHA256
  
  d1a1ffc13409eaedb53467a14745fcd86d0c9ee09dcfaaa4475fa9ba4e2627a8
- SHA512
  
  6b3ace500d4a66ccd7b95d58b3f6d2871f6e9ac37a97f3604d30f8d86cb541c7cc502cdffbc420a59535579c74a7c6319645751a51191a0633ea19a64f54f1f7
- SSDEEP
  
  6144:/RCxc4MNvLNrsUq0muhl5KSae9Mq1OuSn+wooyQx:/R6c4OvRdqKqeKqnS+wZx
Score

8^/10
- Blocklisted process makes network request
behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Blocklisted process makes network request

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8