General
-
Target
DLL Injector_2.1.0_x86_en-US.msi
-
Size
2.9MB
-
Sample
241110-bhme9awene
-
MD5
0592ca25cf22e8d5daabacd1130d38f6
-
SHA1
0a59fd8723de4cb9bf6c3272a5db7771e575eff9
-
SHA256
3b8991f1eebfc46988db25fe0ded11c3c08df81ae2ca1baf9103ba8259cafc99
-
SHA512
1be2c9f7ff9fc9cab5e5a784b281585d89070413722cb4584e91d4a4b57e628643871ee672049c32a8b2399c8358f1c6d7df20af1b3c39aa9b669902b71a91cc
-
SSDEEP
49152:TXt8FXtmZR9m+/YXz573yI2FvlfC+fM//uuEUNLTVx+pv/Z1BWCMnT5ldQqnUIwE:T98FXinYXz5ryI2FvvM/mu/NLT41BWd
Static task
static1
Behavioral task
behavioral1
Sample
DLL Injector_2.1.0_x86_en-US.msi
Resource
win10ltsc2021-20241023-en
Malware Config
Targets
-
-
Target
DLL Injector_2.1.0_x86_en-US.msi
-
Size
2.9MB
-
MD5
0592ca25cf22e8d5daabacd1130d38f6
-
SHA1
0a59fd8723de4cb9bf6c3272a5db7771e575eff9
-
SHA256
3b8991f1eebfc46988db25fe0ded11c3c08df81ae2ca1baf9103ba8259cafc99
-
SHA512
1be2c9f7ff9fc9cab5e5a784b281585d89070413722cb4584e91d4a4b57e628643871ee672049c32a8b2399c8358f1c6d7df20af1b3c39aa9b669902b71a91cc
-
SSDEEP
49152:TXt8FXtmZR9m+/YXz573yI2FvlfC+fM//uuEUNLTVx+pv/Z1BWCMnT5ldQqnUIwE:T98FXinYXz5ryI2FvvM/mu/NLT41BWd
-
Blocklisted process makes network request
-
A potential corporate email address has been identified in the URL: [email protected]
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Browser Extensions
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Share Discovery
1Peripheral Device Discovery
2Query Registry
7System Information Discovery
7System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1