03de03dc37dd52830dc3b7fbf4effe624a772b00d7b8b719ee3ae49920581cee | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Outer.Wild...US.msi

windows7-x64

8

Outer.Wild...US.msi

windows10-2004-x64

8

Sharing

General

Target

Outer.Wilds.Mod.Manager_0.14.2_x64_en-US.msi
Size

4.1MB
Sample

241020-25yd5sxdrq
MD5

c92b22cf8829efb10088b314277fa1af
SHA1

1dbc27bb993ced2ef76e3ed57723711fdcde0df7
SHA256

03de03dc37dd52830dc3b7fbf4effe624a772b00d7b8b719ee3ae49920581cee
SHA512

34cff15e94ef7325bbfd29f5de296861a60cbabc8607b19debdaafa8218c2230d28cd99ea4efaf69c49faf0c402841a2a054888b7d5d558ab0d44d451f604e97
SSDEEP

98304:v3zDWw4hrh62Q6Gyug3Vhgd7yBi3+EKRUzzY9ax+EqZv8m:v3O/rhPQTyugl+dW2z5Z

Score

8^/10

discovery execution persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

Outer.Wilds.Mod.Manager_0.14.2_x64_en-US.msi

Resource

win7-20240903-en

discovery execution persistence privilege_escalation

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Outer.Wilds.Mod.Manager_0.14.2_x64_en-US.msi

Resource

win10v2004-20241007-en

discovery execution persistence privilege_escalation

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  Outer.Wilds.Mod.Manager_0.14.2_x64_en-US.msi
- Size
  
  4.1MB
- MD5
  
  c92b22cf8829efb10088b314277fa1af
- SHA1
  
  1dbc27bb993ced2ef76e3ed57723711fdcde0df7
- SHA256
  
  03de03dc37dd52830dc3b7fbf4effe624a772b00d7b8b719ee3ae49920581cee
- SHA512
  
  34cff15e94ef7325bbfd29f5de296861a60cbabc8607b19debdaafa8218c2230d28cd99ea4efaf69c49faf0c402841a2a054888b7d5d558ab0d44d451f604e97
- SSDEEP
  
  98304:v3zDWw4hrh62Q6Gyug3Vhgd7yBi3+EKRUzzY9ax+EqZv8m:v3O/rhPQTyugl+dW2z5Z
Score

8^/10

discovery execution persistence privilege_escalation
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Installer Packages

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionpersistenceprivilege_escalation

behavioral2

discoveryexecutionpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy