2731712ef1906af20a5eccead8381774dd7b244a00eda7d6251963ae787fd2b3 | Triage

Sharing

General

Target

RefreshRateService_V2.1.0_1.zip
Size

588KB
Sample

241119-sydlqaxmf1
MD5

555f783d99103190d2cef7671c2c9a73
SHA1

ac89e2434f29d4eb5fff2912c1ef88c2d75cadc4
SHA256

2731712ef1906af20a5eccead8381774dd7b244a00eda7d6251963ae787fd2b3
SHA512

d1c9fc72b608e942d196be245f1807abe4c0dda4dd9f210bc78bdd576e4009d9db3ca777500449705aa66bb2235d023b4fcc0bd4d285557185b100d9e12c7714
SSDEEP

12288:v4eAVPh0Fa5b9GJwGs94KiIQYWVzY3vtEtLdLPkW46X/rEJq2ICEuzYbgJOet:v4ee2Fkb4+/NiIoG36BFPk96h2XENEv

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  RefreshRateService.msi
- Size
  
  966KB
- MD5
  
  c660910814201ced2a7c0560c008f8f4
- SHA1
  
  805b6a7d740b6e9bf12ffa750a33ab7e7bc54778
- SHA256
  
  c105e87b1f5d04a4e3818a3747a93a4f4936cd1688b49670a24b4b3e719f46fc
- SHA512
  
  bcab8b20a25de65f758574433d5ece69a5a02fdd3df6cb3ddef814f96c7cd132039ae73966d484189796389b939d5a6dcd28fcc754621a3c759328a21c54dda0
- SSDEEP
  
  24576:2maHyYiPkLMcMfdTB7yuk3f5BfAJ6svgREp2:2maSYicLXMftBGRE6s+E4
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation