General

  • Target: application.zip
  • Size: 29.7MB
  • Sample: 241121-mxyyda1pcv
  • MD5: b43178403113cd78f4849471aa179edb
  • SHA1: 843bc7b1fff4ba6e8b81d95276765a88b24131b7
  • SHA256: 64b12f1d65a1a709abf4588142f73a9fa4d457d0da3714683e2a2be0b3321992
  • SHA512: 4a51f18e52677682addf36318797ef615e29879b73a2271ddf296749d7019beeec7cc339a98ad64182a7ea4613376f74ef02315f4e39471281bf6004cd0b7a32
  • SSDEEP: 786432:OFmAsk7nqoqoz6cHvzz+vn+aqa2Tb33yOLV1NA4pdti/oZ:ysgqXo+izNbn5LDFpfB

Score: 10/10

Malware Config

Targets

    • Target: application.zip
    • Size: 29.7MB
    • MD5: b43178403113cd78f4849471aa179edb
    • SHA1: 843bc7b1fff4ba6e8b81d95276765a88b24131b7
    • SHA256: 64b12f1d65a1a709abf4588142f73a9fa4d457d0da3714683e2a2be0b3321992
    • SHA512: 4a51f18e52677682addf36318797ef615e29879b73a2271ddf296749d7019beeec7cc339a98ad64182a7ea4613376f74ef02315f4e39471281bf6004cd0b7a32
    • SSDEEP: 786432:OFmAsk7nqoqoz6cHvzz+vn+aqa2Tb33yOLV1NA4pdti/oZ:ysgqXo+izNbn5LDFpfB
    Score: 1/10

    • Target: Loader_dll/MsMpRes.dll
    • Size: 11KB
    • MD5: d74d79aa6dee2a46e5fb2a4b53a783fc
    • SHA1: 3732651c4942ffad81f06125aeb0f208a0271189
    • SHA256: 74ff16fcb856ccde21f5d82cc9e5d21632109603bbf72f1483b2528ab0cf52c2
    • SHA512: ee7c6f3f3cfe4869df957ae5befa33696fb886cbc28b87bd2e2e64c5794e49b8746ace5324493766b82cdba75ab7e120e6c31246d3b35d97052ac109f72c7be6
    • SSDEEP: 192:/rWNzOW9gymyAADBQABJ7Kb7vp13s5yX01k9z3Aupf:DWNzOWpDBRJAfcYR9zTf
    Score: 1/10

    • Target: Loader_dll/TableTextService.dll
    • Size: 649KB
    • MD5: ac46ab38c3258e6e201243546a705cc9
    • SHA1: 6df36de077c38ae6039b1682c940e7694cd40700
    • SHA256: 73762426730d7ee614e5d98e9722da1d52bd1dcbed0c735a5cf74d07e8e76a10
    • SHA512: 18def451851e5210ab7724cf0c92c2b4cf003df83cb3857e990c84a6fd3cb84d48e79df1bac0d216429abadcef1a85504e7cc9c7e591ba95f4e86ccd618f2ff4
    • SSDEEP: 6144:YZZ4gPlUMNfNBepnXotTcHFpOFhl5d39rIX/ZZQ:YZbWMN3eKtTclUFhfdtc/ZK
    Score: 1/10

    • Target: Loader_dll/WordpadFilter.dll
    • Size: 185KB
    • MD5: 3f451c410ea50f3c30cefcc4cea7a188
    • SHA1: 86d4af1ad0ccb7938f4473707107aa5123da4759
    • SHA256: 741db67ad0512cea9587ebaa1960f25dd40acbeabb5d6e41ebc00734fa1cbae0
    • SHA512: 6c80bb9dcc5d965016e071ed0a96b21f45c12563fa0b353ffc055573082448aa0fd225000361659e1bb3d9b9e45a8b5d7644e4f4292cbdc8831168d0050afd6b
    • SSDEEP: 3072:o8m15vsf6SmElmxzF+gfN5uZPtmk9rg1C0xj//tlhjeiZ:tm1RUmxpnfTuhtTrgR//fxei
    Score: 1/10

    • Target: Loader_dll/addition/EppManifest.dll
    • Size: 152KB
    • MD5: a93f7a8589c9cd1bb352907a33563932
    • SHA1: d3f9faa83365fe22d1b7d21dc69c6638f65b2bad
    • SHA256: 41301d9aeddd82e50d9464f3edc6b872017dccb02b4860b67871da533ca2d876
    • SHA512: 1d33b83afabc364fc412938f7ee06f901006052566d4d934914313d9a1d0bb090c553ebdc5848998e8c6e30585c3d10557038848acbec2f78acfa3a606b555bf
    • SSDEEP: 3072:e76QqQqFTs8U+Nwy8bhpgENIf5eeT25+h6oY:e4s8tNwZhpgEKfEeT6j
    Score: 1/10

    • Target: Loader_dll/addition/MsMpLics.dll
    • Size: 14KB
    • MD5: 66f45f4e070e7b91f6dc1e780498b58e
    • SHA1: bced28488bd901d66855dcd71d73285a96f77050
    • SHA256: 9f97c5e570584dc637ece1b023b1d145b8dcc9c14b9a35a0c4ce523c331167b7
    • SHA512: 5e1bc800e4b280c57e68a383ea59a93c70575e4041924ae01bcf05492e20ed0c391babcf57a901a953f0991f4c9128d8d89fff58ed7f9ccd209388b6efe69baf
    • SSDEEP: 192:S+DWgAHWglQBEKLOqU6D1S8f4DBQABJJZtAkpAOT2XNfqnajVAilG83:3WgAHWtBEJx6D1IDBRJJ0Uk9flx6
    Score: 1/10

    • Target: Loader_dll/d3dcompiler_47.dll
    • Size: 4.7MB
    • MD5: a7b7470c347f84365ffe1b2072b4f95c
    • SHA1: 57a96f6fb326ba65b7f7016242132b3f9464c7a3
    • SHA256: af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
    • SHA512: 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d
    • SSDEEP: 49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
    Score: 1/10

    • Target: Loader_dll/loaderV12.exe
    • Size: 62.3MB
    • MD5: 8e533e9d973e49f1251a5a5343650130
    • SHA1: 2c94ccaf726d034c426425e6b74755b941880566
    • SHA256: 6465765c30c964f99f3afadb81383993893cfcbb47d4740b368a11e5dc614f1e
    • SHA512: a03ce278551642f8e615dbf617d6480794909f5648e108644f1db9c5a694a334c6b14ed3bc1b82da65e67e78d2d03f3871335d19116ad4624fdc1e0ca32a0d38
    • SSDEEP: 393216:W5HH6Cms5ku95LoagbWWToiadeqW5ZKwq/2Q3HAswsOjNnFRujVebELXD6uP9wjT:WhH6CmsXV1WpaAPZc2ugV2ebVuP+/
    Score: 10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks