General
-
Target
0f31985c1d26181da4896981e5065a7dfc7893c23260d77c89d934834cc856af
-
Size
1.4MB
-
Sample
240926-hm8ydawejh
-
MD5
34e398c87bd159bba4e12493cc10820d
-
SHA1
eaf1782c4165eb50e03d923df8c6ce9abdb750ce
-
SHA256
0f31985c1d26181da4896981e5065a7dfc7893c23260d77c89d934834cc856af
-
SHA512
22c34d698a47227476a67129bf2e601f8f2c0c3a54563f2b6de946abda82aead965c78ba9b3bd96ae058e125b3aa48a845a52f418083b0c9c30830e80dfee8b2
-
SSDEEP
24576:g8KjKjGFygcc23L1/NVOmOSGb6E3ecS4fzrjxJh9UZXlpbPvC7xtYUrEmFlo+L6c:xKjKWQc2b1FVgbjrjxPe1pbPSQm1FloM
Static task
static1
Behavioral task
behavioral1
Sample
0f31985c1d26181da4896981e5065a7dfc7893c23260d77c89d934834cc856af.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0f31985c1d26181da4896981e5065a7dfc7893c23260d77c89d934834cc856af.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
0f31985c1d26181da4896981e5065a7dfc7893c23260d77c89d934834cc856af
-
Size
1.4MB
-
MD5
34e398c87bd159bba4e12493cc10820d
-
SHA1
eaf1782c4165eb50e03d923df8c6ce9abdb750ce
-
SHA256
0f31985c1d26181da4896981e5065a7dfc7893c23260d77c89d934834cc856af
-
SHA512
22c34d698a47227476a67129bf2e601f8f2c0c3a54563f2b6de946abda82aead965c78ba9b3bd96ae058e125b3aa48a845a52f418083b0c9c30830e80dfee8b2
-
SSDEEP
24576:g8KjKjGFygcc23L1/NVOmOSGb6E3ecS4fzrjxJh9UZXlpbPvC7xtYUrEmFlo+L6c:xKjKWQc2b1FVgbjrjxPe1pbPSQm1FloM
-
Detects Floxif payload
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Event Triggered Execution: Image File Execution Options Injection
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
3AppInit DLLs
1Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
3AppInit DLLs
1Component Object Model Hijacking
1Image File Execution Options Injection
1