c465d4f122c809bd22cdede1b082a39053f45dac204ae006760693545e4af73c | Triage

Sharing

General

Target

M Centers 8th Edition 8.0.1.3 x86.zip
Size

5.4MB
Sample

241120-mh8t2avfkb
MD5

4e3da0bb21c0b963acefab653af34264
SHA1

c8051b4c267b11ec5b01db90c09b24d9b3799623
SHA256

c465d4f122c809bd22cdede1b082a39053f45dac204ae006760693545e4af73c
SHA512

c2a60fa6ba06743d4e4af3501e21f459e8dca28b4a1e9c38b41feff509d173dd8e1d00fb59cfdce50e3c2a9b09d10ba41c8ebdfd7b969f5ad8645b56e583398d
SSDEEP

98304:h7ERX5a05Oz8tjXaIzZQqm0pzrZM8atV4ef2KrqUrMrEDf4OPoiwjeBS7od:hgptA1AZQqmMXZyfDeUrM8oy5d

Score

8^/10

discovery exploit

Malware Config

Targets

- Target
  
  M Centers 8th Edition 8.0.1.3 x86.zip
- Size
  
  5.4MB
- MD5
  
  4e3da0bb21c0b963acefab653af34264
- SHA1
  
  c8051b4c267b11ec5b01db90c09b24d9b3799623
- SHA256
  
  c465d4f122c809bd22cdede1b082a39053f45dac204ae006760693545e4af73c
- SHA512
  
  c2a60fa6ba06743d4e4af3501e21f459e8dca28b4a1e9c38b41feff509d173dd8e1d00fb59cfdce50e3c2a9b09d10ba41c8ebdfd7b969f5ad8645b56e583398d
- SSDEEP
  
  98304:h7ERX5a05Oz8tjXaIzZQqm0pzrZM8atV4ef2KrqUrMrEDf4OPoiwjeBS7od:hgptA1AZQqmMXZyfDeUrM8oy5d
Score

1^/10
behavioral1 behavioral2
- Target
  
  FluentWPF.dll
- Size
  
  223KB
- MD5
  
  908668ffde26ab371a2ef711206aa05d
- SHA1
  
  95b60c69c199edd937960d22b793f5e6143c00ac
- SHA256
  
  8e136ec981ed7d7abf0c8153db901fcd9e7a311a61e209d88a9ca2b51fc17838
- SHA512
  
  36c1ef092ee2ddd9640c6c74ab2d76bb61f62415892b9bcddf93772b604c4b45c9ef88834aecac76ef2f0fa38317f74b889cd26436ab0c6a998b803cdf7a023e
- SSDEEP
  
  3072:y56b2y/fw0rvK/mYYA7dTLakKj5/gJxJtxAtEjeznuWRamV3QxoHS9:v2uw0rvK5NJbtxiECrZamV3QSHS
Score

1^/10
behavioral3 behavioral4
- Target
  
  M Centers.exe
- Size
  
  1.6MB
- MD5
  
  6ff38add69344ba7c62e127597863b28
- SHA1
  
  aba7461526a34de61a181ea1952f82997a12e842
- SHA256
  
  2be5d095a60aeabdf012010ce9da7255d23cd12ae81767cf567fb893f78a95d5
- SHA512
  
  e0e6fa41d151c877240e9f938326b513321262e6a5a83e254322245a0680b08ac973189a614c4f6162e662fdfe5960c07f0547db6035efeae030a1eb9756ea85
- SSDEEP
  
  49152:ej2I6gR13Be4vZ+5o12w1cRTTQAwnnsnonmB:uPRNXBGhw1wTEAwnnsnonmB
Score

8^/10

discovery exploit
- Downloads MZ/PE file
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  M Centers.exe.config
- Size
  
  188B
- MD5
  
  fc89142fba7697e848f0e0c5951d86f1
- SHA1
  
  1c2859c0a3629e3857928f61a6f3c268729b905d
- SHA256
  
  d9ff2b6c916e5b42bc486855eebfbd9e5e409c01d49fc264850fde2ac9268820
- SHA512
  
  af708d2240623549e9bc07ee0da11e7efdc202585390f1b008fbd6dcb0374c2d337f55798b05eea3bfbffd9585d304e7941a4f9b4cbad33b88de9c7a4acd46ec
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  M Centers.pdb
- Size
  
  215KB
- MD5
  
  d59b84fbc652bedb776bc68dbea23da0
- SHA1
  
  9049dbe38dab0a65bec6b5fd3ab33a0e47101d8f
- SHA256
  
  721c6742e07afc23f970993857dd2b33a9f84f4b1e45d0efd3cfeb4dad8c43ba
- SHA512
  
  cd9b8cf30578c3431a47b2046cb05fc12eff8f6899c2e72b3b3e97d16f17acbb15d463fff3b07e7e54d3c210164ccb9630173a82caffb45f864985a77778c3d8
- SSDEEP
  
  1536:LfDF3NiV/g6C+cp1vxrE3xbEPJuScJCGOiVyyDFUrE3xZJCGOiVyh:Lritg6bcp1vRUwPHTGly5UmGlyh
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  MCentersLibrary.dll
- Size
  
  549KB
- MD5
  
  914edc5dbda070d529e815ee13455f11
- SHA1
  
  3067baba45017bf779c759a3e424b3dc5900940a
- SHA256
  
  b8343a1ab9054b9730edaa50d028f862c42ba8340e362c153dbe63507cbe69b3
- SHA512
  
  f338af9a2d856af4f40f5c5a134e6a16a56f324b1a79d8261023286e631ce23f67beab271671d1afabd3cf10bf3577f0bc41b5e1038f0ddec2ffbe54fa5814ee
- SSDEEP
  
  6144:x6mlxi2ZvofmCKYCpY+H6bNwn3g+drSuQGueDIm+XKqtK7c+1+pzf:9jdUtcpNw+5RPueD44c+I1
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  MCentersLibrary.pdb
- Size
  
  2.3MB
- MD5
  
  d4b625cca72fe9e2d5c9ca5f13c0026b
- SHA1
  
  657916ecc23836c0fb67f2ff4ba85df3ae048a32
- SHA256
  
  d14508dde9515bcd41fbf5b08285891f51075ad796da925e55f5e7aabed9da15
- SHA512
  
  97f59bb0da5fb0f59c184c4de0f3813601e04abc354fc2904d5880e78af675acb9f43a781cb8f324b3e596bcdd3169859a01711a8de7c6b50fb85fc9574e9a7a
- SSDEEP
  
  49152:MueK55OR5w6SxtNdhKNzsHT/JYPHJgexZQlRjjn10piVkp2tImyKt/BeslqArbko:MQ96SxtNB/JYPHJgexZQlRjjn10piVk+
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  MaterialDesignColors.dll
- Size
  
  309KB
- MD5
  
  51544fc07bb8b88d2f1e87b8f4c32ce6
- SHA1
  
  e235a3e713ae6a949acab603d9001efd529cee1c
- SHA256
  
  f06826845732d945421c341c8d1abb337ab9a2e757d90a763ac618aa445bf63e
- SHA512
  
  a775856275b1eb6996509517f86eaa8e9f9c07273164e207abf415ebf19b6ef93d2ef002f29b5e926b5ca6d1861b3dc966aa272876abd7f6a400fd30fa4480a9
- SSDEEP
  
  3072:6MrRCSKC/v3cItK0HefMgKqeN+IrUkxgJ:6MrRCSKC/v3cIpH
Score

1^/10
behavioral15 behavioral16
- Target
  
  MaterialDesignThemes.Wpf.dll
- Size
  
  9.4MB
- MD5
  
  05347205b59c343705c5b1da21d8f9d3
- SHA1
  
  2a019a5a7d0388fe278efa63a7659a987d850aa8
- SHA256
  
  f8144c2d063144a98e6faa4e4d6f11cb3d08d20313e196cdd03addb8186ca6fd
- SHA512
  
  8c29c3aea7f13c0fdd8efcf4646f20ac28a56c5851f9ed27be90d9dc52868f412e52fdc6ab69a25269cc79f7db06fd6416ee8802ff150e375154e36497f6dad1
- SSDEEP
  
  98304:6Xg2XJDntBksKY+ND3WyA4+TLVei10vMzPv8/4C8B5XVS49Xzy83IiEcJMrCR2fP:6wgnJ45/9iD54+V11bFv4z
Score

1^/10
behavioral17 behavioral18
- Target
  
  MaterialDesignThemes.Wpf.xml
- Size
  
  113KB
- MD5
  
  1bb82bbb22468938d4b9d2d138c548fb
- SHA1
  
  f68f221a82ba44a7b344a3004137b95b3af58c59
- SHA256
  
  d016aa634c248f9f6d954c4e8836996637c8d2f2e01077e99f58d3d64daaddfd
- SHA512
  
  8ec76c197397047fb22a364361beb9c3f323a636a394d50a63d342902c587c9c4ae9bfc5527fb4c0c549626eaf074d179f993c7382d92ed9757fc1a8e577a6f3
- SSDEEP
  
  1536:fj4pgvgbnK9NeW6efGe3PeIlesVbnbKcUggHlwLKCf9xinnH85Kg1MlgkkQitawg:fbhUQHkkQZ75
Score

3^/10

discovery
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

discoveryexploit

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20