Overview

overview

8

Static

static

1

CorelDRAW ...64.exe

windows7-x64

8

CorelDRAW ...64.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    CorelDRAW Graphics Suite 2024 25.2.0.301 (x64) Multilingual\Setup\Redist\Webview\MicrosoftEdgeWebView2RuntimeInstallerX64.exe

  • Size

    112.5MB

  • Sample

    240921-dphrrasdke

  • MD5

    d7c03e437e435c2b11317bd20ceaa22e

  • SHA1

    a127b3fdbd32dafa2a7062a31344eb7a36697d76

  • SHA256

    14af8d5fb902eb6def588755841fef72de91d836ca0e2c6bf7cf28fc4557d956

  • SHA512

    47dcb3525f91252cf31c5fa9a7d0eb38d8cbf7d0404314857983e0542a7257ec82f5c247f7220cb021edc30845232851f6c515aa90fda28b919cbcad738f730f

  • SSDEEP

    3145728:0JQIQ6DDpEH8O2TZ6ovvuD1hQJWs0HuijYDC:0JQeDpEcPF6AWoJ5W

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      CorelDRAW Graphics Suite 2024 25.2.0.301 (x64) Multilingual\Setup\Redist\Webview\MicrosoftEdgeWebView2RuntimeInstallerX64.exe

    • Size

      112.5MB

    • MD5

      d7c03e437e435c2b11317bd20ceaa22e

    • SHA1

      a127b3fdbd32dafa2a7062a31344eb7a36697d76

    • SHA256

      14af8d5fb902eb6def588755841fef72de91d836ca0e2c6bf7cf28fc4557d956

    • SHA512

      47dcb3525f91252cf31c5fa9a7d0eb38d8cbf7d0404314857983e0542a7257ec82f5c247f7220cb021edc30845232851f6c515aa90fda28b919cbcad738f730f

    • SSDEEP

      3145728:0JQIQ6DDpEH8O2TZ6ovvuD1hQJWs0HuijYDC:0JQeDpEcPF6AWoJ5W

    Score
    8/10
    discoverypersistenceprivilege_escalation

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks