Overview

overview

10

Static

static

1

10152bc59a...e9.msi

windows7-x64

10

10152bc59a...e9.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    10152bc59a780129df651a3363b3b1cdecec8df442c8442808824a80564f6be9.msi.vir

  • Size

    40.6MB

  • Sample

    241122-d8cd3szlgm

  • MD5

    4e0c73259e83e8d5f36be55d4a937307

  • SHA1

    539d747d30c16f50ddf6b72da1426709edce5732

  • SHA256

    10152bc59a780129df651a3363b3b1cdecec8df442c8442808824a80564f6be9

  • SHA512

    eaca63ff0faafdd6014864517a9fb92e82d970c99084d6cbf5b493b0b0ca6372541493f4c11b426c09b160369fb4da07d928d74a20078ab3e0743b54e5be99b5

  • SSDEEP

    786432:BxAq3kvG6v0/moop9AaRDEzVARzgsBBSs7ndpTp1Z4qaNrk+0/iClRu:cqUvL8/mfACxgUBSkdvAPy6CPu

Score
10/10
discoveryevasionexecutionpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      10152bc59a780129df651a3363b3b1cdecec8df442c8442808824a80564f6be9.msi.vir

    • Size

      40.6MB

    • MD5

      4e0c73259e83e8d5f36be55d4a937307

    • SHA1

      539d747d30c16f50ddf6b72da1426709edce5732

    • SHA256

      10152bc59a780129df651a3363b3b1cdecec8df442c8442808824a80564f6be9

    • SHA512

      eaca63ff0faafdd6014864517a9fb92e82d970c99084d6cbf5b493b0b0ca6372541493f4c11b426c09b160369fb4da07d928d74a20078ab3e0743b54e5be99b5

    • SSDEEP

      786432:BxAq3kvG6v0/moop9AaRDEzVARzgsBBSs7ndpTp1Z4qaNrk+0/iClRu:cqUvL8/mfACxgUBSkdvAPy6CPu

    Score
    10/10
    discoveryevasionexecutionpersistenceprivilege_escalationtrojan

    • UAC bypass

      evasiontrojan

    • Drops file in Drivers directory

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies Windows Firewall

      evasion

    • Network Service Discovery

      Attempt to gather information on host's network.

      discovery

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

2
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Installer Packages

1
T1546.016

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Installer Packages

1
T1546.016

Netsh Helper DLL

1
T1546.007

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

2
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

1
T1562.001

Modify Registry

3
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

System Binary Proxy Execution

1
T1218

Msiexec

1
T1218.007

Credential Access

Discovery

Network Service Discovery

1
T1046

Peripheral Device Discovery

2
T1120

Query Registry

4
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks