General
-
Target
Setup.exe
-
Size
160.0MB
-
Sample
241023-r1j1vavfrb
-
MD5
3b52cdd97e560dace789733bf774d0b2
-
SHA1
06a80c609f93839ce55cba241a8c1e0b3f9b8c3e
-
SHA256
b2a0c2982713b32f8e744dd4ef08b920f46a1946d38adffd200a0d7640d7f0b9
-
SHA512
61e8191d4eac19b51937ce7ec4962eea8a4279e8e5f2320afa48587813eb4cd360b980f5d6f02a7d48f27c389a4c166a11b72e7f676a53000299d223df5fb872
-
SSDEEP
3145728:RP0yvzmoU2b7f84ha+EPvIeXLf/IibgdUtJFxewJc+F3YGoq:FmoU2H9dEX3LYIgdUtJT
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win11-20241007-de
Malware Config
Targets
-
-
Target
Setup.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies Windows Firewall
-
Drops file in System32 directory
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)