c17214354b2c191b2b8d58825e5d894582ff437fcac8356f79729a9f898dabd9

Sharing

Copy URL

Twitter E-mail

General

Target

5a9aebbabf444bc65f32342fed666ce3.bin
Size

15.6MB
Sample

241122-xhe7tswmhw
MD5

65e8339bb3fe4dc5fb78656befa07e71
SHA1

d6a1d0974118e10d5e4d96105f122a02e87f06c7
SHA256

c17214354b2c191b2b8d58825e5d894582ff437fcac8356f79729a9f898dabd9
SHA512

ad6cfa6d3264b0154fab1780a3876d5b0028b9b25b61334cb62959eecc08375e195822746a88aa529e2c81f928e2e1631ae3768265b3936479c8e4cdbae4e41e
SSDEEP

393216:8ZqGGtsphUDOCPptBGPDMWur4n4iR2FMdXiRh9I4osxe6g:j0UDp274fi9mnosA6g

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  File.exe
- Size
  
  785.0MB
- MD5
  
  82aa69748af1aa2058e786d25f327076
- SHA1
  
  2f077a1f505367a7fa90688bb498cbf07c01a421
- SHA256
  
  d28e639d2945002bd214956679c4eacda104071f69309db6b807e32499019e4b
- SHA512
  
  b4bdb9361775f9b44596d593ed8bcffa02914196c69b5c6b301e1f63563a994facfe3d4ac1b3aed75e07ee67b531f952b332a8540b472e8d38b84b8f3fddec19
- SSDEEP
  
  196608:36cmOe56MPwP275wEPFLhbljK9ZZ2+ihH/9:qX5lwPi51l4Z2+eHV
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  updates/Cache_Data/AudioEng.dll
- Size
  
  1.8MB
- MD5
  
  074adb230e03ccdd7592aa91fd6827e6
- SHA1
  
  3a95aa2151b0c23e6733fbd538c927a54fcded4a
- SHA256
  
  e75a456c18d93a9bff731139e5dff0b7a92f2e1f5b7228274385c65a527a1f42
- SHA512
  
  2fb38a45bce2bd4cf2b010522e3f7173f2381481ca194edf05d6aec292dcb39b80a9564a0d197bb4949e9580f178582f9c3b1dc37d3fcce05d496f1da615644f
- SSDEEP
  
  49152:TAEM+CEh0/Rlhh9hhDhMLhhQhhIeCBR2U+8TB9DFRKPcMJmYoHFOjzdYes/QFlP3:7MX5hh9hhDhMLhhQhhC2sTB9DFRKPcMB
Score

3^/10

discovery
behavioral3
- Target
  
  updates/Cache_Data/CbsCore.dll
- Size
  
  2.1MB
- MD5
  
  4cfec4ad388bb464700229c41bbd0f9d
- SHA1
  
  9ec52429b0e758f4dbf25da66c856f4036204025
- SHA256
  
  079d43ecd7d3be041436f2d3f032aa0ed8603f6682465d6139fe3745a2625e11
- SHA512
  
  16b9a51709134601fbb55489366949ebf04ac37da8b578c02b8979d460baec73fcfd74df4a7a3778b2b780c74c34e0d5398ee6297f00192bf2580b699b199454
- SSDEEP
  
  49152:NqRcZBqfW5t7q6CmuIKMDtTvNx8Gg5YZ9jAMFAI3Qb:NqRcOfW5tJCHIKMhvfCk9jAMyb
Score

3^/10

discovery
behavioral4
- Target
  
  updates/Cache_Data/Microsoft.Uev.AppAgent.dll
- Size
  
  1.6MB
- MD5
  
  69cce5450675ea07e32f555f13a33971
- SHA1
  
  a71c3ecf616f2f34d0529f06d3ca648a7e368de4
- SHA256
  
  614cfeada30de1be92e377e74e54a8ad7ba829a7bf3137f4c70e0e05f0aa206f
- SHA512
  
  60839bc99c8c96bb9f3b82f058b55cf98c71ee1eb8df30417f0cb9f379dfa71e6ce2aadf922a2db6459569dab297155409b62ddd5b86d19ca244c4f34afcaaea
- SSDEEP
  
  49152:jcJ2ntB3qDn9BPBaa/ZEWHKt3gm+yAJ1rWz46+tUo:sEtl05RLK3I
Score

3^/10

discovery
behavioral5
- Target
  
  updates/Cache_Data/certmgr.dll
- Size
  
  1.9MB
- MD5
  
  c57abbb736050e8efc24f9a4829cecdf
- SHA1
  
  8d1bff10b4d5c35024ac0022ee819aa0b1d0f92d
- SHA256
  
  859519d057e0720ec3b9a743f8869c6354d3d67a2154bba6d6db2b4b9fd5aa18
- SHA512
  
  ecdcd427351d60923f27e3e1d05442ab0f5648340bdb0686f8256596186c418652eb277b332b9eb2ebeb82c753bd8e551004dfab7ae332a7e4033733bea679af
- SSDEEP
  
  49152:P1fjXbKWda6SyMMMMMMeMMMMMM53uXxU:PdMMMMMMeMMMMMMhuXx
Score

3^/10

discovery
behavioral6
- Target
  
  updates/Cache_Data/clr.dll
- Size
  
  7.7MB
- MD5
  
  3acabd94d146e379089e9a8c2acb1f97
- SHA1
  
  fc8ca36b973af120b6de8f8e0e14ac82bdd361d1
- SHA256
  
  570e97dfc58309972f06954944e161066b4da31c3ee7588792e6aa0d209b8c33
- SHA512
  
  d743776f8f91c6d1474ffd423ad418d513313f05ae4162b865f9686568508add84ed726ce7421f8d9cb69b615d211dfefca8d0d00f0d5d83834bbbc2c1ccc75f
- SSDEEP
  
  196608:Wccx3T6c+jCkne9LPUu58uxM3jwrIUtDyM/JEveHPP:PU3T6LjCke9gu5I3jwrIUt3E8
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  updates/Cache_Data/mfmp4srcsnk.dll
- Size
  
  1.8MB
- MD5
  
  f834ce3103c8a181b8bbefef6d10e6e3
- SHA1
  
  22aa525119af6ad080182fad70ff902c81df42fc
- SHA256
  
  312efcaa24698f3da62e04966f0c509aa9a5f795b1570410beb4b9a76251bb52
- SHA512
  
  0ab6513dc6ca75a1be71459c4bfd7f444c9eee5c4dfccda679cb2233a07c819074058da6978c9350758e2d16edfda74565fd685b1b76178b32ba9d5da976b7e7
- SSDEEP
  
  24576:1k6Hxm3XOBZOiAY9TU77o9pKT0QcukYXEz4NHw7oVLXubF60MB7vTSQ:1kfUOX776pkqukwjHZLXuJ5MhvTSQ
Score

3^/10

discovery
behavioral9
- Target
  
  updates/Windows.Networking.Vpn.dll
- Size
  
  1.1MB
- MD5
  
  b009e8f8394ea2bf22937a39c720db8f
- SHA1
  
  1eb6bb358e7c8bbb43db61347c7606a0b977d912
- SHA256
  
  c2854f78b068d97375e3e56e14487935a057a37573c06919549b058f5f198b98
- SHA512
  
  1a92253c3102de1fa53c16a946dc7fcb2c40e6f0131e02684783cd042f1def3ce7ed1417d027717504431e2d5ddb2ea4e2097ec378388822dbee30af06f1c62d
- SSDEEP
  
  24576:RBL71n7MU90sc3kCRV0C43v4e+eRj5wZgdNX/dYSwnUfmIp/9Yro7OD:h7qXqj5igFYJQmIErQO
Score

3^/10

discovery
behavioral10
- Target
  
  updates/WsmSvc.dll
- Size
  
  2.2MB
- MD5
  
  20fa73336f39e968ac6d0367d681a97a
- SHA1
  
  f0d26d413135b302d411e287cd8427fd1f14214e
- SHA256
  
  4ef2431d42d2bc0fb1b1991ebbe7193f081b37502acba6e980b53db85b931b71
- SHA512
  
  f087c844f4d005160e60d4214f2737ed8e5d037e35afde1ffe32639f868053ac79bd3e92115f1a59f5de2b5aa721d3afe5da1fdc17532ae514939be0f7f453f9
- SSDEEP
  
  49152:r8mKFOm7t3UunAN7vzU0+4iclJJjEIMyjZJhEoouIiRNLmdO6+MNOVcge3JYoOlX:llBN5OijAO6+PeOl
Score

3^/10

discovery
behavioral11
- Target
  
  updates/dll/Aspnet_perf.dll
- Size
  
  42KB
- MD5
  
  f22ad2623cad6567abc6c8e865898733
- SHA1
  
  e3e72a26ab83ab3adce5ea83aa9de11f3621e2c1
- SHA256
  
  62e9c0825100ff5ebd93137d3be2466100d73ab3a1cc9622adfe54ec143c0c75
- SHA512
  
  2ca1ffcd0625b1e28775264c54e72c77525a8df9f40b7c5fdf8c046adc3b3940c0d99556f5e64e55f663cff74e9ca670c05409d1aa297a17ed1053302be4e5e3
- SSDEEP
  
  384:4juERoF5GbCOd6cZHlNTbz1pjEc04AJPrKrRKjvSn1WiRrWQXws2QpBj0HRN7qAt:5Ee6P6sl7gctAlKVVnnbXZ2qWF8
Score

3^/10

discovery
behavioral12 behavioral13
- Target
  
  updates/dll/InstallUtilLib.dll
- Size
  
  114KB
- MD5
  
  fe01d395c4b85df8c426fc9620120ba8
- SHA1
  
  23348d42947a64efa5209b30e9b8a6264f4a990a
- SHA256
  
  4f10c0bd8d22e8215b02f092279abf7bb148cb1497207ec2ebab32662009b2ac
- SHA512
  
  d255211adb5fbf5cda875ad138abb064a7deedbed28f4e862df4fea962f84437c92a53dd18ed6d2098d0d9415d4a5ca80e39e9bc91b4382b01714d23f29615ea
- SSDEEP
  
  1536:dS8CWyksWMcdM4Bpjr+UsgtFmVrrXL1MgbIurgnOMolQbm8DhIGo0Uqc3:dS8SgMA+jVrrb1MMBnMolULDhImc3
Score

3^/10

discovery
behavioral14 behavioral15
- Target
  
  updates/dll/PenIMC_v0400.dll
- Size
  
  25KB
- MD5
  
  be49782166585d455168eaff44274699
- SHA1
  
  27715f1c887f06ef10b387ade54f8bb3e5b867df
- SHA256
  
  6e1dc112a74c3149043136f847e21148c823d76fb3ed61b84d4a4e7e53bf527d
- SHA512
  
  d8d2dd196223c917d2d2df3a20dfe7cce814c8728b6bf7732195e085ed7744b3123842e0cfa3a1e65a7861976707502ff88fc39a5774884ae23e7cecc276987e
- SSDEEP
  
  384:OY4ItHJJdsr6jWXDWZ33PQpBj0HRN7aiyQHRN7I8Ilv23lmiWgJ:/tHvdsrvqqWaT8VlqW
Score

3^/10

discovery
behavioral16 behavioral17
- Target
  
  updates/dll/PresentationNative_v0400.dll
- Size
  
  908KB
- MD5
  
  8eb5131e94f21644d5b10dce26057bf6
- SHA1
  
  73a5dcd44ee7810232a4e8f4563298ea14981916
- SHA256
  
  295d61d24fd1ce5a24eaf6b84e7895fe919439a14b26f04f863f8f0880e91de1
- SHA512
  
  5087a5b7aa1c454f4828965ec3c11f89bc92fc4302b74a39b73bd3a72da05896485185f165279a07bcb6ff042e2ff203b2921b4a50abb890f48f130d3bd65f37
- SSDEEP
  
  12288:RXInGdI8OPo2MRveRz9DcNU4P+oBXpKEALYAUekPJ4BFN881GCqh2:RXInGm8wMiD8TP+oBXpKzYAUPJ+X9QTQ
Score

3^/10

discovery
behavioral18 behavioral19
- Target
  
  updates/dll/PrimitiveTransformers.dll
- Size
  
  62KB
- MD5
  
  3c7c0f531b18bfce88ba3e7d7462602e
- SHA1
  
  82a7cd2aacb4d1fa2a87072b0ef749d7fe523742
- SHA256
  
  b7fa74f9a083426bb33fba0e2294fe016e47cddec2eddcde4e34e8e620e54ce0
- SHA512
  
  1f4b4d8072ff0af1d70ec75b3d68a56837ce652dfac0afcf49cc9ad9ba70c804c6edc04a3c49e103fbe16dd7e5d53e74fefc0d0fa96b9e8c09b4d659de93541e
- SSDEEP
  
  1536:KrYtrnCjjolfyy5zCQjS0PFagP1pM3DSYmmPSwzoV:KrWCjjod5zCQjS0PFLrOezm6w4
Score

1^/10
behavioral20
- Target
  
  updates/dll/ServiceModelPerformanceCounters.dll
- Size
  
  88KB
- MD5
  
  5f8650c4e6f1edcc2f9c65897e1d0527
- SHA1
  
  517d5e510accfe39f19ec17f72409e14644394e7
- SHA256
  
  7be6193201bd73b63104a8700be69b82cbcd8ce42f63d3324ae818ad16bd131b
- SHA512
  
  6ebce11471a44c48407382df6d98b53a4e2971f4c83670bbdb68d7b35d825abcf3189889acf4434d292d84d27c6b6ef03f073658461a05e75abb9e3a02f9590c
- SSDEEP
  
  1536:3CYcjsWY5cdKgz6ZNJbSOaWvk0fqG73yfrcqOGO7AqEsl/dW4xQ6M6:3nc2oKLD+WMrG7ieAqEsllWr6
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  updates/dll/SettingsHandlers_OneDriveBackup.dll
- Size
  
  101KB
- MD5
  
  4b87a8c6dcd541351dd8bba87ddde5b3
- SHA1
  
  98bc2c7088197b0ab4850ff9234f01416e1b1738
- SHA256
  
  0dfb42a0710a2ea77c98e23151de8eea771d919b34e043215e3824aa11015d9c
- SHA512
  
  b7b2abb35f4121a904a72333821a1f438afaaf55fdcfbcc028d0ddd2ee715ef57f2e0115d2d115a88eb6e4201d2733d783763640dec53262e9abb99d1357a8b2
- SSDEEP
  
  1536:eJ9I86WXlcf0RR3+k9lwDqmHpihUWhTlBSylX9jUqMoSavj2L0nYYpQ0c7lD:QjysRFDUpihzhTnSyfjeIb2GYyQ0QlD
Score

1^/10
behavioral23
- Target
  
  updates/dll/System.AddIn.dll
- Size
  
  160KB
- MD5
  
  99ab52bffee95e75ab15e81e4e68db8b
- SHA1
  
  514f87b20590ebc08adc5139bb35a4d3c6c24735
- SHA256
  
  b04b43743a8d56ce4f04b265ae0ece7185ca5cc2508feed6e7da071f97732076
- SHA512
  
  94943402e4de12af68aba08db030b8bfdb2383f13c2de65a17e4afc1998f479ef0cd97e4c12afb09f1cc0effb6ad1e8fa311a9d0191431daf0de3d011b95c09e
- SSDEEP
  
  3072:YP39d4oMwNRjZn1FZ6YVPAgBMhgGehPg+aR6NqOuw47wlQ9Gs6LWTsr5WsJbDUh:MnNRl7Z6YrKgG2g+aYNVuwi6LIsr5WsJ
Score

1^/10
behavioral24 behavioral25
- Target
  
  updates/dll/System.Speech.dll
- Size
  
  676KB
- MD5
  
  d04c846a1d4bb16e5e5e9a0fb10baf47
- SHA1
  
  7691c372b3c494671218ee5c8c56a6d7c53815b7
- SHA256
  
  000028670db2a67449efeaa1a6e96afe1124094bb6123144780c9eca19767b61
- SHA512
  
  6cd94765fa9ec73f570189e9aae8a900ceb19e4ad02af60f231bf258690869bc4d025a409094abb04dbb3ef8491741aceb641e41e3835eabb1d76f6afc5f2309
- SSDEEP
  
  12288:bw8dlh79UShP3eBN95w0rHhoynhl30DMYgukJnG/d/lFFZ1BvONX:Flh79US53O7bhl31YMG/d/jFZ1BvONX
Score

1^/10
behavioral26 behavioral27
- Target
  
  updates/dll/System.Transactions.dll
- Size
  
  255KB
- MD5
  
  6432dbab3ce97c10bb97ed564c3c55b7
- SHA1
  
  de77ed04fabebd78a407b662f6350d28956bc613
- SHA256
  
  99bf72b38e4d76005468eba64016049127d835b89b3ed7523d923a917b444679
- SHA512
  
  7111e2d1e53acb58796d29573e9a0c05ba947c5339dd1a97df31048b4d38be867a07c8078c7c925cc5c89d22531dcbf3ecef214dceb7dc6729d275d3a651c7b6
- SSDEEP
  
  3072:Lw9fJd/ppK6oxJ0uZlhX3OFwe09mbkyr8Ljca2cDL11rIo:gdhpKUuZlhHmwe09mhAj7tDL1R
Score

3^/10

discovery
behavioral28 behavioral29
- Target
  
  updates/dll/System.Web.DynamicData.Design.dll
- Size
  
  32KB
- MD5
  
  b58d5ad34f57262b1aa9056791762f18
- SHA1
  
  067250e55daff11761dcf5398ea94b21d119caef
- SHA256
  
  6776fd7aa08170c1618acee4bb9af93e2b1169f253468b95c120ff5a5b70bb2c
- SHA512
  
  6f4df2d720c4a41f4de5ae2953032165c53d9e701417d0dc81c4eceb925b8127fb7f21fac0bd2306b8dfdf9373037e4d11376730449be85f1ded2b38ce8a5a20
- SSDEEP
  
  384:9IOtqjpiSDGsTz98jzk9g67KGhJSxUCR1rgCPKabK8tBX5PKytZ+pyW60W:zkVdDGc+k9FiJCW
Score

1^/10
behavioral30 behavioral31
- Target
  
  updates/dll/WMINet_Utils.dll
- Size
  
  136KB
- MD5
  
  3f39fd88760ba315975f19e45a30c62d
- SHA1
  
  50878ff5ff64cc3ea7cc7de86beba885e4052d26
- SHA256
  
  fc0f7db5efa34abc02b426f94b1d172cca3552e3c34ac0b9244d8388fc00f669
- SHA512
  
  73f64e78d02d47f1167f1d4ba93940b47aa5cf8537c9a59e70f59b539a1412c5596ce441d66287c3c9d9d6edd32f6971772dc7b5889e63b8b2b998f6fac0cbb3
- SSDEEP
  
  1536:/LjjjvCH9zzZD7eWjhMrFIwRNxFXEMxbm/demW17Nn7:/Hfv4dqFNr02m/dem67p
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies firewall policy service

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32