6696d790ee119b0de93919050a642d3dca502a2ae1864700b6b06fa2b955ec9d | Triage

Sharing

General

Target

InformeInfraccioneCONASET.msi
Size

4.7MB
Sample

241115-wzrrhsykat
MD5

82f3f74379c6dbdbca3a64c5717c2faa
SHA1

ba5562e233c1f83d6929db8dd03860a99bf58fa4
SHA256

6696d790ee119b0de93919050a642d3dca502a2ae1864700b6b06fa2b955ec9d
SHA512

8bdf61555de4b7e249201462a0f942a1cc671d9bcc514635297e08ce25bcb90de8d0d64fd513da32d4be731e5af6db13d039040a83c8e50c2887009b091e58a1
SSDEEP

98304:wph2BBopK5X4MkjkZMiWFLH/qJ/YOKa4RpnoYbO:eQuKl5kjQMr/qJ/YFaO9DO

Score

6^/10

execution persistence privilege_escalation

Malware Config

Targets

- Target
  
  InformeInfraccioneCONASET.msi
- Size
  
  4.7MB
- MD5
  
  82f3f74379c6dbdbca3a64c5717c2faa
- SHA1
  
  ba5562e233c1f83d6929db8dd03860a99bf58fa4
- SHA256
  
  6696d790ee119b0de93919050a642d3dca502a2ae1864700b6b06fa2b955ec9d
- SHA512
  
  8bdf61555de4b7e249201462a0f942a1cc671d9bcc514635297e08ce25bcb90de8d0d64fd513da32d4be731e5af6db13d039040a83c8e50c2887009b091e58a1
- SSDEEP
  
  98304:wph2BBopK5X4MkjkZMiWFLH/qJ/YOKa4RpnoYbO:eQuKl5kjQMr/qJ/YFaO9DO
Score

6^/10

persistence privilege_escalation execution
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

executionpersistenceprivilege_escalation