Overview (score 8/10)

Task                         Platform             Score
Static                                            3/10
Dism/AppxProvider.dll        windows11-21h2-x64   4/10
Dism/Assoc...er.dll          windows11-21h2-x64   1/10
Dism/Folde...er.dll          windows11-21h2-x64   1/10
Dism/IBSProvider.dll         windows11-21h2-x64   1/10
Dism/LogProvider.dll         windows11-21h2-x64   1/10
Dism/MsiProvider.dll         windows11-21h2-x64   1/10
Dism/Offli...er.dll          windows11-21h2-x64   1/10
Engines/spsreng.dll          windows11-21h2-x64   1/10
Engines/spsrx.dll            windows11-21h2-x64   1/10
Engines/srloc.dll            windows11-21h2-x64   8/10
__app__v.3...4_.msi          windows11-21h2-x64   6/10
setup/FXSOCM.dll             windows11-21h2-x64   1/10
setup/cmmigr.dll             windows11-21h2-x64   1/10
setup/comsetup.dll           windows11-21h2-x64   1/10
setup/msdtcstp.dll           windows11-21h2-x64   1/10
setup/pbkmigr.dll            windows11-21h2-x64   1/10
setup/tssysprep.dll          windows11-21h2-x64   1/10
wbem/WMIPJOBJ.dll            windows11-21h2-x64   7/10
wbem/WMIPSESS.dll            windows11-21h2-x64   7/10
wbem/WMIsvc.dll              windows11-21h2-x64   8/10
wbem/wmitimep.dll            windows11-21h2-x64   7/10
wbem/wmiutils.dll            windows11-21h2-x64   7/10

General
Target: __install__v.3.9.8_x64__.zip
Size: 49.3MB
Sample: 241016-yz3vwstglj
MD5: 27ad2a011216f797029109dab7e0e595
SHA1: a77ec481f5f1c1f80285b2345aed30d5552c76c2
SHA256: 3066a182534705179d8b2613d54d3ff3c06b62141f7f22f2ce6a0c229169e0f8
SHA512: 4a69e1351a2ba5e6362e9fdf8fe0948869054e052c676582ee965c292f7fea93499837412785d3cbb64e985b516a229a2879a350764c49ee39876dd4b3b0961f
SSDEEP: 1572864:Wh9p+AkxOx6mkMspNbawUPlE6cJMVLYf7EhHfB7dHB2:Whx+M6mk5pshPlE6cyVLYQ5fBC
Static task: static1

Behavioral tasks

Task           Sample                           Resource
behavioral1    Dism/AppxProvider.dll            win11-20241007-es
behavioral2    Dism/AssocProvider.dll           win11-20241007-es
behavioral3    Dism/FolderProvider.dll          win11-20241007-es
behavioral4    Dism/IBSProvider.dll             win11-20241007-es
behavioral5    Dism/LogProvider.dll             win11-20241007-es
behavioral6    Dism/MsiProvider.dll             win11-20241007-es
behavioral7    Dism/OfflineSetupProvider.dll    win11-20241007-es
behavioral8    Engines/spsreng.dll              win11-20241007-es
behavioral9    Engines/spsrx.dll                win11-20241007-es
behavioral10   Engines/srloc.dll                win11-20241007-es
behavioral11   __app__v.3.9.8__x64_.msi         win11-20241007-es
behavioral12   setup/FXSOCM.dll                 win11-20241007-es
behavioral13   setup/cmmigr.dll                 win11-20241007-es
behavioral14   setup/comsetup.dll               win11-20241007-es
behavioral15   setup/msdtcstp.dll               win11-20241007-es
behavioral16   setup/pbkmigr.dll                win11-20241007-es
behavioral17   setup/tssysprep.dll              win11-20241007-es
behavioral18   wbem/WMIPJOBJ.dll                win11-20241007-es
behavioral19   wbem/WMIPSESS.dll                win11-20241007-es
behavioral20   wbem/WMIsvc.dll                  win11-20241007-es
behavioral21   wbem/wmitimep.dll                win11-20241007-es
behavioral22   wbem/wmiutils.dll                win11-20241007-es
Malware Config

Targets

Target: Dism/AppxProvider.dll
Size: 574KB
MD5: eb9cbac1aa278b6a8afdb95a9feb4dcc
SHA1: 9f12442d4cab56ab451d3954783632f77be7f8e4
SHA256: 1bf704107250f4c08fdf2c450d4ab402ba5317a8c026cddf98c0ce225f487d4c
SHA512: ea86c2360622401aa61c8932571df2dbf6c5fcc438d5b1048d61cfe9542cba0b74c1454dced6a13a7cd20fbbe5cbaa0b1432b8e4a6feb6702fd0b7cc37b436f4
SSDEEP: 6144:BGcJAp/KyBBQpdjUXE/wK6qGNJlCbVZ5jr0KdKkF5ofnJLZSzlo/Sf/c:BRJhImt9/0KdKkF5+szkz
Score: 4/10

Target: Dism/AssocProvider.dll
Size: 113KB
MD5: b7db592706d3eefbcf0d5a166d462e56
SHA1: 935123fda68594f0c52a765c4bbf468e4458189f
SHA256: de21321272862e7c332e1724dc315f06f3abe7a0340e61d351cab208d6bbf059
SHA512: 91a1529db5816695c4424eaf71923ec63430b872cb1e179b6fa63c84acf0ac94baf71f39217f6c28818cd74fcad954a29f1e2efe655c5a0353f7aafdf8740f0c
SSDEEP: 1536:Q9TBLzWvVZtglIDIQdgDbEyuh9kHsyj2HUkPi7Hl1KbPWYzzS:Q1uL6IdgDWjkH5E3eKbuYz2
Score: 1/10

Target: Dism/FolderProvider.dll
Size: 60KB
MD5: 589d4527d1b070fdb635db7981ae5fc5
SHA1: 85133ca84bf43e7b3aa0054af66991c30ce68d3e
SHA256: 011c5753d336a1898913f9ca2a5458eba88a93cb8c719a3cb222cad58ced15a0
SHA512: b065851dc3838c9f251bee7081b4c38d96bb3f62bf422b59fed2ff011c762540f8574d64c9c7277028f2588b5b713823df56f9803c65e109223895fba9ed5f8d
SSDEEP: 1536:hexLd+GGpAR1uFs4mrYNjTURz6dZiFq1VSbFP0zm:hkUG+EIFRb9TURz8iFkVSbFMS
Score: 1/10

Target: Dism/IBSProvider.dll
Size: 60KB
MD5: b5b8c30b6eadc678f37d865061684219
SHA1: c78dc8160d7f0d794d6a156d9194f16314a0a361
SHA256: f1bcba5928da73db1a78355afd4cedb8d66e09d28fcfa6ae75112c5e10b0d841
SHA512: de2b7c5a03298a467152a8adc308c4355ca420438b96035083d524b2058daec9d2434eb62d329f747eb9768af8324a306d1e257005df7ddc2ff093a73068e06f
SSDEEP: 768:/MNsBtL+LsOHEeZMG8c4cWamUMvyARy0VnrK3Lemvfq/n7Ch1PiKai9zoYf:emsLsOkeacfmDjZr0SmKmXPG+zf
Score: 1/10

Target: Dism/LogProvider.dll
Size: 78KB
MD5: 1176e91f4f663b03515b4d944dcdd72b
SHA1: fa341a412720fd79fe1e1f6e11d850a4e103871d
SHA256: a4ae8aac8660aaa255cc8318c7971273201e62954d6d36ac5d7ec738fb218258
SHA512: c31f3bbff71ebc3f29813cf55754593262884fc71327db58622da62daa92062b1e8e2f6877a71ca832f40e7127c478d931661527485e801b74dcfdfaf6670874
SSDEEP: 1536:o9mLBNlc4Rd1wbNA7elgn0+P+GEa80HGMX0Igx7DAJoN6PC9z:oMLlBRd1kSel4+k80HGMX0Igx7DAJoNd
Score: 1/10

Target: Dism/MsiProvider.dll
Size: 208KB
MD5: 0655a77306506895e5d3b5e7dbc833e0
SHA1: 51087449d02fb42c948a1f53735bed1ccedd1ad8
SHA256: bfac469b3bfe0dc5419059d889eabb2ab1bdf1a6298a6de743cf0f189a48c679
SHA512: dab8ce18208670e720927f3d6bc317cb81b72c6ca95a92e637d9e19bec4666b3607747bbb3f0ef7285a41c49a26c2a52fb225224ece22aff391f89df2f9df61d
SSDEEP: 3072:eAHjL5MM39qnOOL1QZaFsrMQ72dmTcWI+fByuc+RAuEvbB0MFuWdOEQlUoMI1+9:eAHfyMkraaSrGwnjfBI7bgWdU
Score: 1/10

Target: Dism/OfflineSetupProvider.dll
Size: 183KB
MD5: db1c840507ea36d04d8f8f503804daad
SHA1: 990152a67191059ac486074f0a50b97b840bd8e3
SHA256: 23fac2578e222a023c7b67186d67070518c17f08a6c39644fbef76293751efc4
SHA512: 90da4d328c27f1379f7f9e65019aa242e1899b1a2a5f9626f08aeea020b8f46583878891b8a73b4c555e381f1e8f8c5be5c54dce2d7a2498c2e3a40c8abcb5a3
SSDEEP: 3072:Ko8F4zlDtDlWY32LCG3F4l96gsFYryk/5FS7moOFmh36ZtPW80iO:Ko8OzljW3CoSl9eOmkFsDJyPk
Score: 1/10

Target: Engines/spsreng.dll
Size: 1.0MB
MD5: fc3f513dbfa7ae54ef4e3498d9e9784b
SHA1: 3f29b2c3e1e34d3062b17525669cd3b6f82961a2
SHA256: 67df7281ce98f247f25427232785a8d651472e21488bf2cb4ab57cbaab7be016
SHA512: d9594815b4a71ba70e16aa26317d7c8d93171ef958f824fa99ab9f8ee15885940d44d47334a6cf4668bdd27c10b3044db131d841acad631869e9d3853775f2cc
SSDEEP: 24576:fAGx/PfINLsVkWOur35TgkvUnHNyop+1BwBBH:fBPgBHur356z
Score: 1/10

Target: Engines/spsrx.dll
Size: 103KB
MD5: f3a75622e931e20dffd1daa951d71f39
SHA1: b94bb09eb306b88972397b8af555623f0655f086
SHA256: 7b8f98be4bd2145e4e1e4c71c6d2a1b789c6810f0582209502f4666a035b41c1
SHA512: 6222714a9f2f37cb58577ede6d8246c528488d878830313d3d84372f1dce8c5b79cef99c4ac5cf229f2366663f1bb1dc7b8855dcd234426cfa202e32a08e8330
SSDEEP: 3072:HGvgUUbeZWCkPhh7rnrwwFQIgplqiOPRcuwtB9N6f:mvgD7rnVQIgpl16otB9
Score: 1/10

Target: Engines/srloc.dll
Size: 475KB
MD5: 29bb9b5d6efa4a639759e59641aa5821
SHA1: dc6e55ddb6f5c5061f48238e4aec290e26ec7804
SHA256: f373673d34cc74f76f8c951b664589845b9dd82c939f6973c67e8fff7d6f9840
SHA512: 5e9d38856fa39f7f9221bca2c9fdb72e62590d9544e9446cd76ad983fd4454885e52daccfe8e1a71f1cbeaac1ba23e981b051fb89819532698af0aa20e15d65e
SSDEEP: 12288:eQnZiz8HurXkIvbEoQwHG7jeCYtpEo7Tf:eQn/urXzzEtNopH7T
Score: 8/10
Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: __app__v.3.9.8__x64_.msi
Size: 51.4MB
MD5: 25cf10e4cb809a53a6762d97bda6b3ee
SHA1: e200a4543b55e824485c66bb08b3b0a9acca7a98
SHA256: f49d3f3a5634cc854a78f5cc7183bd5e291bb16de20a55216b6f1b78461f7f9b
SHA512: cbd5ba433210a82a94cdd887810b9cb3817d010cdffd19434ded1cb06b1a948eae155e8cc2f6fc00a81dde76b26bb85c2c0ec9531a1a9d2d806adb156c31c23a
SSDEEP: 1572864:Tp+Ty2SfWnHDk8FjVbfzPTq4l+R8hliQ59dG2I7P2n:W/0WnHDkkjBPTq4BhMQ5LlI
Score: 6/10
Signatures:
- Blocklisted process makes network request
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2

Target: setup/FXSOCM.dll
Size: 37KB
MD5: c0e3831d4f9a8342ed72c0e9237c1ffa
SHA1: 19f993714ae9077735551f3ea52e2ebe4b61fd94
SHA256: 0b4c139182ba9bf4cb7db9594f1db9c5bebf8fe3eff5acca338db9696da2eea3
SHA512: c3f7729ee1ff8cfe86b44be74b95576136f5f4e2c84ec53b322a671d4b8bfc95e08865848649a4595bda9d0830cbc93f57422cd6cf45d645877ad6b5841a944d
SSDEEP: 768:QitJ48txXkygRE+jXR3H/qIK3MsJYjexGnNYXtPTA:BJ4YkE+NqIKc8K8GNY5TA
Score: 1/10

Target: setup/cmmigr.dll
Size: 69KB
MD5: a8f16d638f620d8254143ee901a2801f
SHA1: 7a4cbeac8f01cd9d78e24e6531d192c9be90dae1
SHA256: b87f0a07154926b1eda3a388d2e02783dde9a9ff1ea3bc27ab35443f0c07aafd
SHA512: 064b140f47783422ba7f33a12cb2770a14dc5e2d24e8e31768de2331de032cfb9c3db7733711dde64f99593c6e81767b1042372c28fa0ecc7e57d272d99b5c58
SSDEEP: 1536:HkAX1j1yconIhX9m8Y6T6NzFYLHxQhsLfZv0r9hNbpFdC+cY0C:HLX2JmXdT6NziF1bCNbDUHYr
Score: 1/10

Target: setup/comsetup.dll
Size: 249KB
MD5: 5b77a2ca50ff4bd7a8f3b830b0b8962c
SHA1: c6e4df1a16ff70d951f3949039909a720b238cb6
SHA256: a37689df6df071bb90f0348df5cd7d4e897a746b975ff11cb434cb3c821391e8
SHA512: a3d3b5dd08005cf80f126f3a31fc136cba528796bb68218f3b7cb95fac500316420d3423fb5d6dbbd376363ee85e95446193b142e9fbe199fc130fbd94ed74a3
SSDEEP: 6144:PEYw2vAUePU1IWdJLRw3MMh3b2PzT5PLo6sQEVs:PEYLsU1J9w3OTP
Score: 1/10

Target: setup/msdtcstp.dll
Size: 115KB
MD5: cde36f7995d40769094b1811706952e7
SHA1: 84c118c1eb396afb368e83f35155dced503447fb
SHA256: 1ed89f7401699319fcbc485a0d499985f5cc20a403a1d5d4de34014ab1c8ce11
SHA512: d7ebf0757f8e799c6eb5ed62e9c484877f1feb07f316740e0a3cd2e2a114e833acc29af8479f82189cae47d88286f9a25623eaae147bdfedd54074318c9a91df
SSDEEP: 3072:dCIgK/7sKiAbO7OUZ9YoZCjvb6pwfarSr:EO7s37ZZ9YoZCj4wx
Score: 1/10

Target: setup/pbkmigr.dll
Size: 70KB
MD5: c23b51110883ab62f1f030bf1ddd7963
SHA1: a6d17b756340fc08a07043375be5f522b6b89799
SHA256: f3b147f68b111e668d1395577bca255dbb902830dde33f7708b092534d6efbb9
SHA512: cca4944361608de960fdaeba642cd70a120eb59fd5908d0f659bdf2f710cf1ab3b15b772ca31a27d82818604e27c754ac4b22279735cc0c86b018e16dff1c124
SSDEEP: 1536:N1oaQ08IzyG/4YrnVDLH2er+fnOkuSb6XqCkmP+hzB:NiaQqyYTnhqBDuSu6CkmWh9
Score: 1/10

Target: setup/tssysprep.dll
Size: 58KB
MD5: 69fdefe41fb1c8ccfc3c2d2586a84c9d
SHA1: 4db96dba5d8b1a7485ac4d17266ad0edf732d46d
SHA256: e868261457b53eea8f7fe18cf10bc6374bce923c2b339dc0c0ebd9bd67f78eb3
SHA512: 5a3211cd2164c29aa3716c6c36cdfecda38e6e7671984bb40ebf75ded8bb880db37d79fb95c0f70879936129201dde88dcad66ebbd866dd007afe48f53a2cce1
SSDEEP: 768:Af9Bv0qFp0SFwu8t0KlXrhflbRV4rUjk7DzWl2LkGfDRu4MDeb4l0evpFNoTRoD:Ab5YRV4Ijk7DzWE7Ru4zb4+4pFNoTR4
Score: 1/10

Target: wbem/WMIPJOBJ.dll
Size: 98KB
MD5: 3078620fe465417a7c2f5d44d4a6fc42
SHA1: db2411e36df0be1f52f0b0f34e461c8534c5c1bd
SHA256: 3b15c50364b4796f239933f4faccc6a5333a22f2c9cab7685f4537dcb56ec9c8
SHA512: ac5ac183b6bcf2adcfe473ccfae80b1274396c3a7c3ec05503752b539ad31bdec586b2f83939321d16411a1473a6301a72585e2d38cbe52cf38353c76a9bc1ee
SSDEEP: 1536:aAhH1VZJYisWKXFgDmFp4XWB4+sfJgEO+5klcYznuLBbDN:aAFbZ28mgW2+sfJjO+5Oqbh
Score: 7/10
Signatures:
- Event Triggered Execution: Component Object Model Hijacking: Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Target: wbem/WMIPSESS.dll
Size: 60KB
MD5: 9be96954745d7c36a5726deb8ad28bde
SHA1: 8e44a8b9234d4e73f9d9fa1f414aa24648a9ee7e
SHA256: 8300c2da596f5c1a416d02a598e323cdb4e82fc480e125df6fb3aa2c53cacfa2
SHA512: 7e5060fb071dc528d463e378635c700e63974f20e477114c756178de0d3def025c13f4383b0b1678634fd6a61b22dbe7a8c5d5726d6c59c71a40555eb92aa0d3
SSDEEP: 1536:SXOWHEOQjeCKfEFIb0bnhf91dkSWpXIRqk:C/5QjeZfEyknhf9sS6YR9
Score: 7/10
Signatures:
- Event Triggered Execution: Component Object Model Hijacking: Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Target: wbem/WMIsvc.dll
Size: 238KB
MD5: 8828f0794cd83e81a9ca9b3bd0903bc3
SHA1: a374277de6eeb62bef9ad0f7ae43f3fd7ec299e1
SHA256: fc0fab4941a94299486709a7ff68ae7ce4d60ef597269743f3e8cce0b2c95463
SHA512: 43cce7fecc55c7611dd3443ddbff64325e17ca9377dfb1c6abd2457e6d66313f66833868b4c6a28180b4a5e68810da0542958fd5aac6dd64cd8eba45dfe4a31d
SSDEEP: 3072:uRH7TyNVxUt43PZwaAz0lbxSyaMWWzdoBrlbXJ+lkBkut9+W8EPusK7wJL7GGGqL:uRH7THm3xAzGxSyUsyBn0ky696f+Wg
Score: 8/10
Signatures:
- Server Software Component: Terminal Services DLL

Target: wbem/wmitimep.dll
Size: 59KB
MD5: 0e2fb8f7aa90d4e9442577321ffbd24f
SHA1: 418c27d9ff8e1343bd114b81e0c89b4d6edbcb59
SHA256: 33f3065cf0ba07a6e1f9b52c9e705d80e0326fb60290a0cfaaae2347de112805
SHA512: 9482dca5365d2c6cbff4bc34931ca57064da374bba2fb237ec797c0b932cb55942f054ee39a6aef9e3d6142b4475c311fef01e2099475290d0e2247905472f07
SSDEEP: 1536:mFGSn++7rpSp1Q2Hr3uMgv5HUa1jmZ+tOAtnI:mk+4p1Q2Hr1ghljO7AtnI
Score: 7/10
Signatures:
- Event Triggered Execution: Component Object Model Hijacking: Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Target: wbem/wmiutils.dll
Size: 135KB
MD5: 103768e150d89d6a759d9c85c5efcec1
SHA1: 617a83d206b6944ac10be2250a942959a9e5e9c2
SHA256: 5184cc67151f598b0ca7676e8aa582575816d31ac8faba9ec328c6738ac51fe5
SHA512: 0c4990dc70df437985a4bed5c28654f04d05843bf4f728024c9a76251e9d7baf368537c973b8e3249ed825ed92e6c99580ca38da09400046ed87df8de7ec2c2b
SSDEEP: 3072:vlFkYHH/lv01dEdQiNh+e13At2hIJl1bko3OTc:7fH/4dEdQGs2Y1Yo3OT
Score: 7/10
Signatures:
- Event Triggered Execution: Component Object Model Hijacking: Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15

Persistence
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Installer Packages (1)
  Pre-OS Boot (1)
    Bootkit (1)
  Server Software Component (1)
    Terminal Services DLL (1)
Privilege Escalation
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Installer Packages (1)
Defense Evasion
  Pre-OS Boot (1)
    Bootkit (1)
  Subvert Trust Controls (1)
    SIP and Trust Provider Hijacking (1)
  System Binary Proxy Execution (1)
    Msiexec (1)