4fecbca7a9831f0daff57f512abecdd1e9a99813adc0de5a7ce150a485e8a98f | Triage

Sharing

General

Target

wfc6setup.exe
Size

3.5MB
Sample

240929-j47mbawbjm
MD5

3d853bdadb5374a2787bbbbf7d9c77aa
SHA1

a2179b6c2dee1ff8dbf5a3b2d5dfb490c3677882
SHA256

4fecbca7a9831f0daff57f512abecdd1e9a99813adc0de5a7ce150a485e8a98f
SHA512

097b9d766dd2c3849b2f8ed6b8e8fd1769c7be625a44efb325bde41aeafc7ab2f1e13a31d1319bc40e79b2c960fbe6e7e57415c19d77e18838dc81ced0fdc662
SSDEEP

98304:sBoLHCWxrUBnsdmA/sR04TmVE4kqXf0Fyew7jJz11bB:sCLHCrBns/KPiV/kSIyeM1z7bB

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  wfc6setup.exe
- Size
  
  3.5MB
- MD5
  
  3d853bdadb5374a2787bbbbf7d9c77aa
- SHA1
  
  a2179b6c2dee1ff8dbf5a3b2d5dfb490c3677882
- SHA256
  
  4fecbca7a9831f0daff57f512abecdd1e9a99813adc0de5a7ce150a485e8a98f
- SHA512
  
  097b9d766dd2c3849b2f8ed6b8e8fd1769c7be625a44efb325bde41aeafc7ab2f1e13a31d1319bc40e79b2c960fbe6e7e57415c19d77e18838dc81ced0fdc662
- SSDEEP
  
  98304:sBoLHCWxrUBnsdmA/sR04TmVE4kqXf0Fyew7jJz11bB:sCLHCrBns/KPiV/kSIyeM1z7bB
Score

10^/10

discovery evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence