Overview

overview

10

Static

static

10

TD Service...mp.exe

windows7-x64

7

TD Service...mp.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TDServices.rar

  • Size

    7.3MB

  • Sample

    241005-s12fka1akh

  • MD5

    f896cde1f00e237e76925b10691c5cca

  • SHA1

    b308aac2822c25492d5c58ab58ba2b65a8dfa568

  • SHA256

    7bb40f2c8da1c11da3632804c53efe599e14c0740e84298b6bd2f16432266296

  • SHA512

    45ffb1053e8adae566638b512c5a4fb0399aaf8de96e9e3734b88966c9a871d5c6571fb195db3ad2fbd623aac43c16fa88ce89efcf2ccec9e506e0ecb1a0888d

  • SSDEEP

    196608:0I8ig9+zOWrC6GJ6tKyqHhQhWiogIK4b/U7EPnpQStY0Hhr:0zfQzjrCLOUWIgzgtpDYsN

Score
10/10
blankgrabberdiscoveryexecutionupx

Malware Config

Targets

    • Target

      TD Services/TD Temp.exe

    • Size

      7.4MB

    • MD5

      bf8add560c79745d7ee0b45515549c24

    • SHA1

      18beeafcc1de02254599ee6337403687495fd6b8

    • SHA256

      75040c2970554d4538984df2517e722cf6fcd6ce02cbd694a2ec59fb08fba623

    • SHA512

      44a745eb9142e966831deabd83cbb93c7f80d78d90018153ba35fe09819f7f69af1aa1ebfaca664c802bd7bcf7cc2e3ea317000878cc71c6a56ca3d0728b0616

    • SSDEEP

      98304:gDSi8x9XQsHurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EJKhOC1126:g2P9VHurErvI9pWjgfPvzm6gsFEg4At

    Score
    8/10
    upxdiscoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks