Overview

overview

10

Static

static

1

c440d1721c...3c.msi

windows7-x64

10

c440d1721c...3c.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c440d1721cb83183eb397171531888556f544659e1640bf974ed55548016ed3c.msi.vir

  • Size

    106.0MB

  • Sample

    241121-c53w7asnek

  • MD5

    13efd06a23bfa0e958907db33d947ff9

  • SHA1

    57b60766072b7037ca5c5d31a23dd57e332421b8

  • SHA256

    c440d1721cb83183eb397171531888556f544659e1640bf974ed55548016ed3c

  • SHA512

    b2a914c5359a636003d3dc45b8be36a8e059f40893f171a845969ab5a791310f6a86337205f775a0ca0807ddc8a6fcf294a6cf64c990ae58bd2466b1954bb3e0

  • SSDEEP

    3145728:8Cc6i9DJclUWcTsPsz+gpvp0lHEavPwsJ+KkKELYfFY:+rDJciusz+gNpUkGP/J+xEfFY

Score
10/10
discoveryevasionpersistenceprivilege_escalationtrojanupx

Malware Config

Targets

    • Target

      c440d1721cb83183eb397171531888556f544659e1640bf974ed55548016ed3c.msi.vir

    • Size

      106.0MB

    • MD5

      13efd06a23bfa0e958907db33d947ff9

    • SHA1

      57b60766072b7037ca5c5d31a23dd57e332421b8

    • SHA256

      c440d1721cb83183eb397171531888556f544659e1640bf974ed55548016ed3c

    • SHA512

      b2a914c5359a636003d3dc45b8be36a8e059f40893f171a845969ab5a791310f6a86337205f775a0ca0807ddc8a6fcf294a6cf64c990ae58bd2466b1954bb3e0

    • SSDEEP

      3145728:8Cc6i9DJclUWcTsPsz+gpvp0lHEavPwsJ+KkKELYfFY:+rDJciusz+gNpUkGP/J+xEfFY

    Score
    10/10
    discoveryevasionpersistenceprivilege_escalationtrojanupx

    • UAC bypass

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Event Triggered Execution

2
T1546

Installer Packages

1
T1546.016

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Event Triggered Execution

2
T1546

Installer Packages

1
T1546.016

Netsh Helper DLL

1
T1546.007

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

1
T1112

System Binary Proxy Execution

1
T1218

Msiexec

1
T1218.007

Credential Access

Discovery

Peripheral Device Discovery

2
T1120

Query Registry

3
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks