General
-
Target
9f3d8045d5a7d93ff3d9b6fdb068a4e308462036ea7eb5ee72ec76446285667e
-
Size
1.4MB
-
Sample
240926-hpmsxsweqe
-
MD5
9af1f8e925baac345cbf2cabc8989046
-
SHA1
9b8909e57b3af1351dbc3d75969e0d3095d266ce
-
SHA256
9f3d8045d5a7d93ff3d9b6fdb068a4e308462036ea7eb5ee72ec76446285667e
-
SHA512
1b09a03c6e3e6684a618f44a6ebd78aa345c986db38c8d13c4fd8a9a7e9509f31ccb9ca70f9da26739532ecb1a375ff3b744626e33ccc1ee10f1258fb2b6ea56
-
SSDEEP
24576:6juOx5SUXJW/D4xUa38vKdTIkpgSWC+osF0jzZVb+t35cMYlG96NMBJMncaMvD+Q:Gx5SUW/cxUitIGLsF0nb+tJVYleAMz7V
Static task
static1
Behavioral task
behavioral1
Sample
9f3d8045d5a7d93ff3d9b6fdb068a4e308462036ea7eb5ee72ec76446285667e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
9f3d8045d5a7d93ff3d9b6fdb068a4e308462036ea7eb5ee72ec76446285667e.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
9f3d8045d5a7d93ff3d9b6fdb068a4e308462036ea7eb5ee72ec76446285667e
-
Size
1.4MB
-
MD5
9af1f8e925baac345cbf2cabc8989046
-
SHA1
9b8909e57b3af1351dbc3d75969e0d3095d266ce
-
SHA256
9f3d8045d5a7d93ff3d9b6fdb068a4e308462036ea7eb5ee72ec76446285667e
-
SHA512
1b09a03c6e3e6684a618f44a6ebd78aa345c986db38c8d13c4fd8a9a7e9509f31ccb9ca70f9da26739532ecb1a375ff3b744626e33ccc1ee10f1258fb2b6ea56
-
SSDEEP
24576:6juOx5SUXJW/D4xUa38vKdTIkpgSWC+osF0jzZVb+t35cMYlG96NMBJMncaMvD+Q:Gx5SUW/cxUitIGLsF0nb+tJVYleAMz7V
-
Detects Floxif payload
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1