Overview

overview

8

Static

static

3

Setup_10024.exe

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    PSemuX-7z2201-x64-851974.zip

  • Size

    20.3MB

  • Sample

    240925-w9cekstgkg

  • MD5

    d3b629957656cc281aa23150c7a574f1

  • SHA1

    9a7d2ddae09193513e4d03cd610c8b16e5de2602

  • SHA256

    e45789c541d22856f0c68dd6e6f2b8c585e17dbce7854504c2b95c02e7f0691c

  • SHA512

    5b9e71fd829bd80ef65f0c14d164a00e94bb6441c2e6042c595bc1b8da4f744c27ff1cc5180dda864277a3ea86b36455395519cec877d361d584eddfbcf48e91

  • SSDEEP

    393216:IR7MWhgHLU/AcwHQWJCLwHMqU3hS9ktJTPCJmZjldlZdd+TTti7W1:47UNDRCMHMh3hS9kthH/rdd+9yW1

Score
8/10
discoveryevasionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      Setup_10024.exe

    • Size

      66.6MB

    • MD5

      44a106a7b85cad7ccdd094f29a197c8a

    • SHA1

      b43c981bedea627b53c903dc45c70d96a24d65f0

    • SHA256

      845d190d245d44f4a8f27b6b3e545843a221dd9e29138dce923a2189a473e741

    • SHA512

      768b2175fbead4722333376409a458a9ea6d627c9f70292f813d8187d6b20fc6673c7e70fd188c6274053ec6a84273caa1b27ab979a0f6fa6ec83729d090acce

    • SSDEEP

      393216:gHHFEHHp1UNNtUWnYv3QYDez3QzCQSPIaXSz69II65rUVn:r1UNNtUWnw3ivhdS+9Ix5rUVn

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

Remote System Discovery

1
T1018

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks