1d37b7585b94ae72ff2b1f08ab084fd2e74ee265eb4b5a39616e8190e85e139e

Sharing

Copy URL

Twitter E-mail

General

Target

System32Problems1.zip
Size

10.0MB
Sample

241001-x7nkhazgjh
MD5

3baea37bd530c581c72ca876db5b2938
SHA1

3b0aa56510b804664d4155a95916b78030f6519e
SHA256

1d37b7585b94ae72ff2b1f08ab084fd2e74ee265eb4b5a39616e8190e85e139e
SHA512

6c3eb01aa4d9bcfc0b7edd978c34a55d0be2205b1735d5fd71b254c0c55eb4d2efe3417e43a9b5ca8ce211f4a418530b1241499ef464d3b009e0cd68dcd7085a
SSDEEP

196608:aiBPAB1zPMi9XdTKNGo+Xa+Du1BD4DHE8hfm8K2gGaJBfFJYGj/aOzBuRRqCu:nI1zPldTPojEmVQD7gV0Gj3Au

Score

7^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  ARP.EXE
- Size
  
  44KB
- MD5
  
  7ad9c1c824cb1e98180b32769aefce30
- SHA1
  
  8b2461fa751078af69aff86be9cdafa343158cc2
- SHA256
  
  dd9fc0223a9779504045aa8bced30668bb879a8007e263f2def02d87688f886f
- SHA512
  
  77269dc3f33e652ee66e59e709b24a3ab5a071d1c22594aba7341a4b6dfb3466d30900e88141bdb16a8a516ce56c830f6c87dfbdef638987d4d9079f177eb48f
- SSDEEP
  
  384:DfMgzBSh6zuHkasb6STAr/aextOeILdvVngYkix66SOjLr5LWS6mW:DV66q86S2lqdO5ixrSOj/5q
Score

1^/10
behavioral1
- Target
  
  AggregatorHost.exe
- Size
  
  300KB
- MD5
  
  fb1c5294ba83ef6645362357110f98f7
- SHA1
  
  21a8d223bb795823759b4a998301f38c1162ae34
- SHA256
  
  7201080af16b62e89c9827d354ae7ed9752fd13bb2295bb07b7426635ee2a82b
- SHA512
  
  b37e45bf351451e912e670fafd40a738ecc1e398de08309c366e22e7bda7b713a315b9b9e2c0627aed4f03ec3732e84e2938a9777c6b06dbfed7a6cee2f7a3f4
- SSDEEP
  
  3072:gDvL7Xjptq2xoiMXcbOl82CwcHgaz0C4TwbgLC+1drOHKNUENFQFMsSObMRlQM+o:gDvzf3bOlJaAaNoECCTHaybMlB+Tkq
Score

1^/10
behavioral2
- Target
  
  AppHostRegistrationVerifier.exe
- Size
  
  140KB
- MD5
  
  5ea1a5f978e5c01ec8cc137f143b3483
- SHA1
  
  9a4de2e1cffb5c405fa5abd6788fa9bd0812b038
- SHA256
  
  07024038339359d8c4ab8333b61cc2869fa0a535d6e61ebeed2fb9067393f384
- SHA512
  
  85603a45afdeab24db5df46c0a717307e1a98e984d8b43c202abd9d44dd29bd9d0b193805c0e212acb104e1177024ea0ae31ddf2993ed916b7533a81e36870b6
- SSDEEP
  
  3072:diDZutHhlg0ImlXtBMU4C6y+HDgraupQ6SD0wL+5:QduBg0XVlpT8xL
Score

1^/10
behavioral3
- Target
  
  AppInstallerBackgroundUpdate.exe
- Size
  
  61KB
- MD5
  
  d08824463914e9e146d845cf1f03b34e
- SHA1
  
  cc593f2cb3e83e0ee53a102e363f5d760d5a6a6d
- SHA256
  
  669bc3fc4a22ba0b8a36e676e00519a368b9735654d3df52049495f1a4d63d1b
- SHA512
  
  b864b54429f27f1e68e25e931fc43708ae1ab0225365c3804b3e9dd9aaa22c57c3169a9a582d54d8c54ac49156dc7ba087e425776c6949ce8a9861989d38ee28
- SSDEEP
  
  768:w/yTbbApwORdsG+2rTPeFT9odnqipczdutByBYDarQ0yid1PVgds9zk:kyUpRRF+OGynqim0ByBMaQ0yiLPSdkzk
Score

1^/10
behavioral4
- Target
  
  ApplicationFrameHost.exe
- Size
  
  94KB
- MD5
  
  ed3c3881b72fa30700f8c747e30e2a92
- SHA1
  
  723d9a49679c6c6756a273d7e6ca68775e501f51
- SHA256
  
  535de7244aa6fe8eda3a5ae3d8bbaa5d6866c7a134dacf38097300008ae634d5
- SHA512
  
  9ce6389a9850fe15a7ef03a92e112788bf68a64c1ace1ebb8fa5bc8f4b1e0268c0414c6807796863be030554103de0f3bf6881d66f92497c3605fcbcf502952c
- SSDEEP
  
  1536:oq+IoVBFU4MCtjh+GLEoQ9j3hQ/N5mZpckU4owEPtzy:AVBq4Mq1VubC/bmPDUdwE1u
Score

1^/10
behavioral5
- Target
  
  ApplyTrustOffline.exe
- Size
  
  1.1MB
- MD5
  
  632699fa95b0595fe41603e6a504ddd9
- SHA1
  
  73f736bd883ca1a46ae2ac9c0dcd4ba82523e948
- SHA256
  
  15807e5775ecc86cab7ae3e67da1607157c82e37a55815c7857ff7f23338d75b
- SHA512
  
  fe9e5c3db608d313cb879529653fabce9f5141530dd323962761e2fd653b78d1ab3cb10c851f2372724906128b5dd4033f14e100e9afac127521c5d92316b5b4
- SSDEEP
  
  24576:09ddDwIH+oaroRvfi/FBfunGovLXH2DDcsCHEIPF2:mV1HfOj18PF2
Score

1^/10
behavioral6
- Target
  
  ApproveChildRequest.exe
- Size
  
  248KB
- MD5
  
  62fd0ecf723355357c3bf1d7ff0e0a43
- SHA1
  
  058a90634bd160f4885488786422451722615814
- SHA256
  
  d1babc50794ddf3bbe47cfff623e92f81a919cd94014ece7c7a5629883063ba8
- SHA512
  
  9732e773bd63304240280aa21d2f30171517bd8efd9dd78e12ea2c162e0adfc0e58527f31e86894461da5e71cde729ebea17a6d6df7717bf22a735a2f0e4fa22
- SSDEEP
  
  6144:bY/t3IYcL8xaBUketqxIYVB6a2nfRGKdDPDvV:bY/SxLcaBUkepYVdcnjDt
Score

1^/10
behavioral7
- Target
  
  AtBroker.exe
- Size
  
  136KB
- MD5
  
  359a63692a51e0d1331aa2a20dd311cd
- SHA1
  
  681188015ef794ff9c0457af9919ad000172bfbc
- SHA256
  
  c4955e21e42c08190a717206805ae430507df6e3391999787e177a0efa797bd6
- SHA512
  
  de5f38c86b7a453a694233bb761b23cb627ef28c1bdeed8c02a6cd6921a6e2dedbe03c4582d6dfb0f59cb757677050d03a50a698fbd5cb5f857c31e82911b0e1
- SSDEEP
  
  1536:1rpA2koXdmlhh0umNBO/FhmhKiu5DB/1NEGBp3TAMlQYtOEzZSVoFwCPKWIu8Ao7:1LkedcGZAAE1SyBKWgXAC
Score

3^/10

persistence privilege_escalation
behavioral8
- Target
  
  AuthHost.exe
- Size
  
  154KB
- MD5
  
  14f675f8506da96c2f1c47c7be5abdaa
- SHA1
  
  34f4929d325f4ed7b7d3d318f6b6142f8a5013ae
- SHA256
  
  6778d42a25b4ab28fa157d9b9eb63dc826c8a6faac650ecb5e33b13954f88db1
- SHA512
  
  d1f3e24a3f1440421de4b5daf2880e74187ce96aa53eae466b49edcedd2e2d988c2e51c1aeebf6e162ced41b4d727e97f654ded6e71a79363665ea033c2c38f0
- SSDEEP
  
  3072:SnNyfCggowa0ae7e2Qnv21RePqrR1tm35hAYlGzooC5eQRh1EF:GNyfCggowtauP30qrRXm3U0oC5Hja
Score

1^/10
behavioral9
- Target
  
  AxInstUI.exe
- Size
  
  80KB
- MD5
  
  fa77aee16510df86234656225bf2cc2d
- SHA1
  
  c21d71ba33866d2b835b62efd0cceed73f0ad2eb
- SHA256
  
  b7bd6859434dc15e1ec9b9337ae08786413c3b01b7962eb28488f00f787e5c62
- SHA512
  
  63e37e2147a41eeb5915cf43cb806a31d4014b284625aa64e257c955de00ecec56720c3b2a56eab48d0f91c94d763fecbee984cb171dcb040deb00569fdae30c
- SSDEEP
  
  384:q+tLA0eDxQQkXQ5Z5T+1xq3UZU9a1xq3UZU9+W/IW:qcedQnQ5Zl8ZU9QZU9f
Score

1^/10
behavioral10
- Target
  
  BackgroundTransferHost.exe
- Size
  
  60KB
- MD5
  
  777bbc2e4dba510015f23789da4bb304
- SHA1
  
  61b3b6ec7d7ceed71e0effc7b011111749e18f6a
- SHA256
  
  09b6ecdff76eaf9a7ff6bddc8108f3424f1e35675ad4288acd3176f54c4997ca
- SHA512
  
  6368473a6352be757f800a2baaf1a91c8de9712d51184b76e36ac64243844574172f97caeaa2cddcc0fb5b309e7369758baa06533ff2c68832f4d149bca9aba2
- SSDEEP
  
  384:lY81FFMhllotNxXAs5LUUUt610Gsp2YAeYgU5W0AgWLQE0g7qW2RPT/8rFeZmJhE:lY+LXx5UPt6OgesEz2a
Score

1^/10
behavioral11
- Target
  
  BdeUISrv.exe
- Size
  
  76KB
- MD5
  
  74bf1699bf656e4bccbce58ed8db16d9
- SHA1
  
  43c3250ce2aeba0d6383f914406571e607a8fe08
- SHA256
  
  30aabe02ec8e81989d7d87e0bd78f03abb82bedeade7c0959ef1913aaba33d14
- SHA512
  
  801e5952bd0f9874cb56456a07ade6a880bb370ffcee8735c923b7da0fc47695e465b424a4482713bfea928a7260a8e4c27de4297cb9329a56c408afa5d23d62
- SSDEEP
  
  1536:WdxLrtJJNRvQvQ9ur+B/t3TPfcLC6nBEuNZyJFbx/kExUgwue:MLvRvAr+dt3bfcLC6nBEuD4aExUgs
Score

1^/10
behavioral12
- Target
  
  BioIso.exe
- Size
  
  651KB
- MD5
  
  9dd88118530733efc5edea9b3af145e2
- SHA1
  
  3d2ca14dfdf799e92ff2c3c75c694388e7b20b2c
- SHA256
  
  3d4b4a7a844f9239b086dd31b1dd934888ff7cc74fc05b9b335ad425c3f4f0af
- SHA512
  
  5e7a87a6ec407c047e0655d31ceec894c05442dfe37e3076ccff14fa387031e7298dad796f8b0fc551596b0b7251957df57b33c9d95aa81a23092e77bc34f82f
- SSDEEP
  
  12288:3W929b4X+cQhS4g/1xGC8jH6+TL0SkZyAj:+QhS9/x+TQSkZJ
Score

1^/10
behavioral13
- Target
  
  BitLockerDeviceEncryption.exe
- Size
  
  180KB
- MD5
  
  1dda2103074bf97adacdf72089bf22d3
- SHA1
  
  43c5a1df246c70aae01e7ea9d51829dfd7d8645f
- SHA256
  
  9b42b6f2dd9680cd21d214fba6df8627e50b661e632620d92115e52d8b205b4a
- SHA512
  
  d0b3439a114759f752a518c17a286043f2817d202f616ee9f55dd3a82f7a9e7083ab020831850ae1cd86c15ad1f6a57db1d98b5449932c82a4a2145167a1100d
- SSDEEP
  
  3072:fiVTbpnzdlpOaEJGW5eZJNiPYR5wvZaRhG4R+NXvk+0497OHRghedl:K3zdYeP0PYR5GZavGQUgm7OHh
Score

1^/10
behavioral14
- Target
  
  BitLockerWizardElev.exe
- Size
  
  120KB
- MD5
  
  8db256754973298fe82d4537f5b06592
- SHA1
  
  5691c7b1c048ad0e071963b3f3ab1b2e759284c8
- SHA256
  
  75f2f5c0894b7d931491ea62be628b4ebf80de2f89735e2107c1035bfe047740
- SHA512
  
  7312f2c744fcc5b780be2f9a27bae38e9b67f5391ce6145ddc5839ead7a60481e68f9a18f00e33f80baf275f1d62489bf0b351573a34f9e969e270324502ea15
- SSDEEP
  
  3072:aemDo3wnVS570M9kdatGCO+xmBc+hMPhPsx:abDLVs7nyatGt+SYF
Score

1^/10
behavioral15
- Target
  
  ByteCodeGenerator.exe
- Size
  
  108KB
- MD5
  
  268e0cf733984de2ff2d898de1dd2b2c
- SHA1
  
  9ccd067bd1190584d54305113499d01427a706fa
- SHA256
  
  4036812fc9aec9ea8077c8323919d93a8091fb98e2ebfcf67697595f55ceb71b
- SHA512
  
  c3458ded71059d9b9532f86a9044e8e0a57b7483a2783e17cf34f3081b07fa353bf0a42820ac432dd9661b25273ed96f3e2a0733d550429d71935cec5ee12b4b
- SSDEEP
  
  1536:vj9UoZa1lhVfaeQDQ8DNT8EFJOLgpdpLgBzVBthqMMyUrtzz71z2uqxUcUcfMcnW:vj9UnPQc8NT8EFJOhLh53UrT2uI7MyK
Score

1^/10
behavioral16
- Target
  
  CIDiag.exe
- Size
  
  60KB
- MD5
  
  f6b49d45c565fdfeb25eadf770a49067
- SHA1
  
  970e9895848d406e41096c4f41828c29613c9818
- SHA256
  
  c51fed47ec2ec4f8197066df011ddffbbea95640b3faeb390ec35ee3823c1873
- SHA512
  
  4ae8854482a4913edcacea2e8af61549bcbd6b329f68933c1e817e626ab5047208642f98f449eb903b35603727bfba7a218059225e229505e628305ed99f8a46
- SSDEEP
  
  768:YJ3IyeVTarEy4nq+adCY2lxfWgWiI+tNR4ptaZJSl0gNnn3sVw8HB4R:C3IPVsnexfWgWiI+t+taZJS+gN3qw8o
Score

1^/10
behavioral17
- Target
  
  CameraSettingsUIHost.exe
- Size
  
  57KB
- MD5
  
  beddc70010ad9f0554f95863f057fab8
- SHA1
  
  69f01fe5df20a5b8cb3e491e71dbb6e8d71bc762
- SHA256
  
  b6312ca0b4bbabf73c2fcc4b9cfd3e2d5f6adb3135a44f708d0d62c26ffa6305
- SHA512
  
  278ef6bd6cdb7ce8f425f0662c2b315792f64ab13e4225e4384742660c0246a758d53e549830841492bee63e4651d61fba3b6aba67a21d387cab5bbbf21e9fca
- SSDEEP
  
  768:X5zXaWb2HOq/hn2UCDKOAxT1PFUJu9zOR:XlKWb2uL3DKOATPgqz2
Score

1^/10
behavioral18
- Target
  
  CastSrv.exe
- Size
  
  90KB
- MD5
  
  926a9def76ad857825c435eaabd4a686
- SHA1
  
  b96e9857cba9fbca67d6cb9449b2218df4488517
- SHA256
  
  77a1f38aa476f33cf8295028c24d846caa6445efd8cfca9ca85cb020085b64c3
- SHA512
  
  e53f6d5ea7fd748615f8619abb3c77f635e4f7ad52873db19449e25407300cbd660533f2b2396a759c899f2f56e45f0686c4fcd430b580979cbb3a04547dd83b
- SSDEEP
  
  1536:UaHAfG7t2Psd9rjgC1JEvg8HM8cVwaPEdwwPR/zup:UaHA+p2PsHrj5JEY85AhPEKw5/W
Score

1^/10
behavioral19
- Target
  
  CertEnrollCtrl.exe
- Size
  
  64KB
- MD5
  
  cd481ea6ee0bf8bbf130c7a17f0ef14a
- SHA1
  
  82b5c4f358a8f3bb9cef90163b5820c28096b0ec
- SHA256
  
  c956e87fc1e63bdaff09655345dfdb84e98205e7129d2b00810f87575950280b
- SHA512
  
  befca785ba00429e0d9f82ff3474c28a86f092bcfff5326484c481c03ed3cbf19e42e092a81eaa1be73d32c8335870166955ddb60b1e710b3057d2166d7660ba
- SSDEEP
  
  1536:zX1QQ34YAnhH4aJUZySmC36W+N4+BJoZ8ZgfYHXaP:zyXYAnhHlJUZySmCKWJ+BoWgfoXaP
Score

1^/10
behavioral20
- Target
  
  CheckNetIsolation.exe
- Size
  
  52KB
- MD5
  
  fc6d9ae86e0f91c5c2b246eb63ddf6f8
- SHA1
  
  76d0d51b3107540546637948e51c9f481be25cb5
- SHA256
  
  c5769e6a5782eed6c5e71375d24d365dc9341f3ec49689d4d55e224103331b64
- SHA512
  
  1d9c19233fe96ddf4685027b8f48e84f66c8c56553be6887f8e703074a8450625ff37774eba6365426910f7b310a45472fd6d2ab33f52a09556ca6f209fdb84e
- SSDEEP
  
  768:qw7adATtR10H/MDJKQ78Hza94ZSIkKt2HIoj7pU:qwmdpH/3Q8za9Y3t2Hnj7p
Score

1^/10
behavioral21
- Target
  
  CiTool.exe
- Size
  
  309KB
- MD5
  
  7d18857394202da14ae6ebf2c4ef5e07
- SHA1
  
  89cd3922fa4e26f4efc9bf0c75a46467f3bd43a6
- SHA256
  
  edd0fcc5eedd981908f69e31e7b7e9cc2f8fab11c27b7d453c47ac4979fdcb35
- SHA512
  
  0006d41ec8239dc381eb3aa5469dae86d4534d47567b9004ac601f27aee0a846fd297f103ac648c1cfb8ddbb01ea671a7f29e084f3094b861707a81b92dbc578
- SSDEEP
  
  6144:F4l4gpgzgr0DoQoPvd0tsao67KYU3kHeKdFrjUvWI9Qi:2l4gpGgrTQAvd02qpZtdU
Score

1^/10
behavioral22
- Target
  
  ClipRenew.exe
- Size
  
  229KB
- MD5
  
  7feca989f690ace04631529952989cb1
- SHA1
  
  b897e3f2cde02579fbb2f7fbe2ca06a802742793
- SHA256
  
  9871335fdc1d8b742047869c6970cb350eb4bf4e54a73b76e389302b580defb8
- SHA512
  
  5942bf429e71aaf8e89d27df789a4ec15de52375c52bbaf6ddb1cd9d4b1713d09f3909d61503911732200ea5d1411cd0fee0fbe98278bbd2537da746ef6c1c2e
- SSDEEP
  
  6144:eb2y0Cgi/DjHzrHhUA9pa/0grgWY86McIz:eb2y0CgiLLD9pC0grgWYbMZz
Score

1^/10
behavioral23
- Target
  
  ClipUp.exe
- Size
  
  1.1MB
- MD5
  
  c1d4a3253dce272873779348f9f2cd91
- SHA1
  
  187bc5a97ed28de887c95c9eaf8ce93e409b40ec
- SHA256
  
  9e88a79be2efc35732a59e8b824dbcc51913f18b9e097890de7d2b81f7b140a8
- SHA512
  
  43ff237f99ac0deec21ba70bc37d65306d56376a4e49ed7e9ab5ba263a2219b7d69e4b28d480e21373c2bb5063cf9acde5c1087e0bad20634f80da8a152ab174
- SSDEEP
  
  24576:3VZDj4e+72VoMzMj2l8Akvpziw8/VFM4es5ecFZFL/ofMO4kbOUs:3VJ4e+72VoMQjbowoMo5ecFZFL/KMO4Z
Score

1^/10
behavioral24
- Target
  
  CloudExperienceHostBroker.exe
- Size
  
  93KB
- MD5
  
  acab13c4107a08bf60a12d40d0ae08d0
- SHA1
  
  82cea8b253f35a48f250c4ef92752360cbcf142d
- SHA256
  
  45b8fb7411f533cf6c3d386f08e2cb8b3b15f7c1fc1ef7b93de601fdebcaef56
- SHA512
  
  87f24ddd146521b6497e8a9d07f85183fe2d46e38480184cdb7b6bd234ad9211472351261707de9cf48108b0a03775995a762fa639576f729e538dee356d31ac
- SSDEEP
  
  1536:WikEFoa6fhvhHBpp1XA+R3wVAq9X+WKaNogrfT6uUNjpaUEPjzC:WiuRHBZXAimX+laagrfT6V5AUELO
Score

1^/10
behavioral25
- Target
  
  CloudNotifications.exe
- Size
  
  106KB
- MD5
  
  5b7cbe876830810f87653965a5707c06
- SHA1
  
  240572965dd1049eb091a9f83ddf47c879c5594f
- SHA256
  
  c0341fbecd0c57f8d5335b13fee85c878494bce5a11032b18f521ac2070d7534
- SHA512
  
  84d34fcf9f13afd3ccde1bec6d8c274ccf317b7712fd07737f57d16c887c77223323b8e6a4e0092321734a18502858d078665a0c52fc0b4771e30c99d970ce17
- SSDEEP
  
  3072:w3LXHNBclBqBkkbsEA+Ei2j0iZuoHAjoE6pd:wbXHTcHqBkkbspgiZRHNX
Score

1^/10
behavioral26
- Target
  
  CompMgmtLauncher.exe
- Size
  
  112KB
- MD5
  
  9b338bbc0ca0db9dd4b46048043d4e30
- SHA1
  
  71ebbe2dc095a2fed76797d5fe1d79418261d813
- SHA256
  
  7002d90d2beadfe0607062f253a8ad9ff8d941e556e75eda61ce88b2eea7db31
- SHA512
  
  b82492cc5e66e136644a14418b3d4b6315619303dafe37530e8ed817680e3cc60270fc9d3a01fc1e7c9af7dd42eeb44c95687ca0b77d584075dc414eaf691de6
- SSDEEP
  
  1536:E+95/l3GrFooVWgYMHZAW9PJo65ddiIr+KlOo+vi6Uf:Bl3OocWgLHZA3ad43Kco+Q
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral27
- Target
  
  CompPkgSrv.exe
- Size
  
  144KB
- MD5
  
  d07e65dd67b1d3f75009b30ead1df5e4
- SHA1
  
  ab9ead4d0d6d4217c0df6213571fc40e636560f3
- SHA256
  
  1a2890f9dbfbf8bce6c39f27149aa8b0381edfec1e795b3b8a961591ad1039e2
- SHA512
  
  4f8561c377a2d49899a1d3be55857682e197bae8c2b088c9ba6982a4ca2bb509ee7fc1b087391380f647a23b0b2ae9a4ec9cf11c2a594f5b92d8f59a8b70b238
- SSDEEP
  
  3072:dGw3YYapzNbCmRhpn6gVRvSClnCKmtgGLRt+KmDky78FElY4:g4YYa/bTRhpn6CRvSClCKNYbjXEl
Score

1^/10
behavioral28
- Target
  
  CompatTelRunner.exe
- Size
  
  301KB
- MD5
  
  e4ba35943fd93e64c91a7a09aea25ca3
- SHA1
  
  d77db05850b85a550e115250beb66a4171367112
- SHA256
  
  37924573b9795302f70b70727c54de6f53e28398bb2a3cefb6253dead0b458e2
- SHA512
  
  05e0ca415acb096d2f3c011f715eceb153f1e1ac9171a0589bbb56af1267f4e8c4cba4b4f40b6c6c362eb9fe1b78b16c2d6a016cba2676d0321b4b3b3a375077
- SSDEEP
  
  6144:FPEP1e3+JbSoZsuyUux8gYZNCpnXmukySXM/f:FMPA3cbS9uyUS8gY6pWLM/f
Score

1^/10
behavioral29
- Target
  
  ComputerDefaults.exe
- Size
  
  68KB
- MD5
  
  5c74f259f1e70356514b27eb518b8901
- SHA1
  
  c3e28513e92c7a9707046061d1808fa7a32948a8
- SHA256
  
  274aa1b7c137d52383e493e85e87dd8545beda2c465b251132f1f708b6d6cb50
- SHA512
  
  af69bae5d7802352aed4a4914ecd29aa9457aaab7d168a081dd291542a8b435f404acea85534a033c7a2f56f1e981a311014247ca2b78ff5fd75b3921b55a44c
- SSDEEP
  
  1536:CxR0J/hnOscbeUiyZURDoq4OZZZLlCIibC:rhIbFPWRD68wbC
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral30
- Target
  
  CredentialEnrollmentManager.exe
- Size
  
  421KB
- MD5
  
  4a2c61afc5f7c4b99ec76b9bdb5f0036
- SHA1
  
  e99c2882e5d0a2f68b0f10739bb003f52fd1395d
- SHA256
  
  6b04083527f901841adddd4d7a749e1d42432ecf88866cf34e77702bcdda2035
- SHA512
  
  1cc6c79bf5908540a38a894a3cea9db2c66bd9b2366a26fad3c5dd424b10ca38ca99b28e68d99178c68363ad3cfcaceebe0cf4989bb38b72260890b58acf0b3f
- SSDEEP
  
  12288:QZCbMTQtoUdgmleB0McPRl7lPYyP786vJWr/cpx:rATQt7+mleB0M0Rl7lPYyPecf
Score

1^/10
behavioral31
- Target
  
  CredentialUIBroker.exe
- Size
  
  183KB
- MD5
  
  02e0318501d198153afc8bd78ee0d0f3
- SHA1
  
  1b57c2de5fa71a22d82e6b14ca5b0363afb65380
- SHA256
  
  5b9c5a2e63701401d47d6badf14c940a7c8e2db08f237b780646d1587d91f69f
- SHA512
  
  243261bbe564bfb917e30a6e834716046e147bbe87a9d189c71c5da1995661b2fc02e97718605b45a64d8a3b483f55df633999e93324103a21915027d1004179
- SSDEEP
  
  3072:fjrjjOW9kf63zSeqC5CWJPqAau93GEF/FbQR+UejBLQqUbPt+FEnD:f/jjOW9kf6jSeqCYWcAauHF/FbQU2rbx
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Drops file in System32 directory

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32