Overview

overview

6

Static

static

4

Terabox_1.32.0.1.exe

windows10-ltsc 2021-x64

6

$PLUGINSDI...UI.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...em.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...sW.dll

windows10-ltsc 2021-x64

3

$TEMP/kernel.dll

windows10-ltsc 2021-x64

3

AppUtil.dll

windows10-ltsc 2021-x64

3

AutoUpdate...il.dll

windows10-ltsc 2021-x64

3

AutoUpdate...te.exe

windows10-ltsc 2021-x64

3

BugReport.exe

windows10-ltsc 2021-x64

5

Bull140U.dll

windows10-ltsc 2021-x64

3

ChromeNati...st.exe

windows10-ltsc 2021-x64

3

HelpUtility.exe

windows10-ltsc 2021-x64

3

TeraBox.exe

windows10-ltsc 2021-x64

5

TeraBoxHost.exe

windows10-ltsc 2021-x64

3

TeraBoxRender.exe

windows10-ltsc 2021-x64

3

TeraBoxWebService.exe

windows10-ltsc 2021-x64

3

YunDb.dll

windows10-ltsc 2021-x64

3

YunDls.dll

windows10-ltsc 2021-x64

3

YunLogic.dll

windows10-ltsc 2021-x64

3

YunOfficeAddin.dll

windows10-ltsc 2021-x64

3

YunOfficeAddin64.dll

windows10-ltsc 2021-x64

5

YunShellExt.dll

windows10-ltsc 2021-x64

3

YunShellExt64.dll

windows10-ltsc 2021-x64

5

YunUtilityService.exe

windows10-ltsc 2021-x64

3

api-ms-win...-0.dll

windows10-ltsc 2021-x64

3

api-ms-win...-0.dll

windows10-ltsc 2021-x64

3

api-ms-win...-0.dll

windows10-ltsc 2021-x64

3

api-ms-win...-0.dll

windows10-ltsc 2021-x64

3

api-ms-win...-0.dll

windows10-ltsc 2021-x64

3

api-ms-win...-0.dll

windows10-ltsc 2021-x64

3

api-ms-win...-0.dll

windows10-ltsc 2021-x64

3

api-ms-win...-0.dll

windows10-ltsc 2021-x64

3

Resubmissions

27-11-2024 20:39

241127-zfpdtszjes 6

27-11-2024 20:33

241127-zbwbksvqhl 6

25-11-2024 22:14

241125-15w1mswlcp 6

25-11-2024 20:57

241125-zryrmswke1 6

28-09-2024 18:21

240928-wzje5ssdlc 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Terabox_1.32.0.1.exe

  • Size

    85.5MB

  • Sample

    241127-zfpdtszjes

  • MD5

    b73657d85fe21f889cdbaf4f1724ff57

  • SHA1

    c10e0f8cf0abda003931c5b27ce2416a076b0478

  • SHA256

    9ed5767db68fb669b3f18a0565cae471ee3800b94a187c4512e5a6691797c511

  • SHA512

    b013b7015e90043e2d8c021d9ea9a87505c36ffcb4619eb5fd06bd0e2c5742c3bc3fddc3a448112def652ab26d5372fee4a2d6f95c3c5ce09a000ffb7bf457f1

  • SSDEEP

    1572864:yBumaBVNigHypMDTKWRhvRL7b3NWPVQ6kzjn:yBumaRigyp8TDRhvRD3APVr6jn

Score
6/10
discoverylinkpdfpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      Terabox_1.32.0.1.exe

    • Size

      85.5MB

    • MD5

      b73657d85fe21f889cdbaf4f1724ff57

    • SHA1

      c10e0f8cf0abda003931c5b27ce2416a076b0478

    • SHA256

      9ed5767db68fb669b3f18a0565cae471ee3800b94a187c4512e5a6691797c511

    • SHA512

      b013b7015e90043e2d8c021d9ea9a87505c36ffcb4619eb5fd06bd0e2c5742c3bc3fddc3a448112def652ab26d5372fee4a2d6f95c3c5ce09a000ffb7bf457f1

    • SSDEEP

      1572864:yBumaBVNigHypMDTKWRhvRL7b3NWPVQ6kzjn:yBumaRigyp8TDRhvRD3APVr6jn

    Score
    6/10
    discoverypersistenceprivilege_escalation

    • Adds Run key to start application

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral1

    • Target

      $PLUGINSDIR/NsisInstallUI.dll

    • Size

      1.8MB

    • MD5

      69b36f5513e880105fe0994feef54e70

    • SHA1

      57b689dbf36719e17a9f16ad5245c8605d59d4c0

    • SHA256

      531d1191eded0bf76abb40f0367efa2f4e4554123dc2373cf23ee3af983b6d5f

    • SHA512

      c5c09d81a601f8060acf6d9eeaa9e417843bb37b81d5de6b5c70fb404a529c2b906d4bb0995d574dd5a3b4986e3cbe20882aa3e8349e31ff26bdb832692596bd

    • SSDEEP

      24576:PHI9QRkU8s2UDY3r58zoPOfxLcbyTRsr5:fyQn8jUE7HmKbQi

    Score
    3/10
    discovery
    behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      8cf2ac271d7679b1d68eefc1ae0c5618

    • SHA1

      7cc1caaa747ee16dc894a600a4256f64fa65a9b8

    • SHA256

      6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

    • SHA512

      ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

    • SSDEEP

      192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL

    Score
    3/10
    discovery
    behavioral3

    • Target

      $PLUGINSDIR/nsProcessW.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10
    discovery
    behavioral4

    • Target

      $TEMP/kernel.dll

    • Size

      7.5MB

    • MD5

      3addcb27ffbfeecf0cf1f4980e0b0baf

    • SHA1

      dde794a1bb1fba39d30334b0abce6010092c5d27

    • SHA256

      15c2a89dc69cc532d59c40946f4764aeff284fd01734c2f5783efd60ce14f40a

    • SHA512

      3f2ed545f5f913f645506829192291098a7981afdc761f5cb996c299abe0cd5befc1585b0bafd189a5505b3543cadb340df50fbf9551de4c84b9d193628a082b

    • SSDEEP

      196608:4uoz1uHMDYjG4mJmvoG7nAbyrxpetNvjr:4uozPoumvozbyOr

    Score
    3/10
    discovery
    behavioral5

    • Target

      AppUtil.dll

    • Size

      1.5MB

    • MD5

      2b01d156bf9857a17daa46979218fa4c

    • SHA1

      591285020e8525ca51d1021ef8b4267d22b07329

    • SHA256

      b36a5d808f8e64ba0635c72c7c9049453a98edf160083df05a0311dff471030f

    • SHA512

      8afcfdf2d745cc634fa9440b7792b5d1477b1a15838a787aab9f4be4ee5cf0b81e08f4322a96ece37ff31f19fa4bf1f74463b3c908f0d532d1b25cee0d59bd3e

    • SSDEEP

      24576:Wbp2vEtmbb6kMjihOgysnGc7EiHhP2C1oPObTSFXhPq2QW8/Ec+M6e:WbpLtmbe7dSvAObTAXhPq2QWEEc+M6e

    Score
    3/10
    discovery
    behavioral6

    • Target

      AutoUpdate/AutoUpdateUtil.dll

    • Size

      198KB

    • MD5

      bf5e773b31cea30b6a8388c719cf0342

    • SHA1

      db300c09fce3c878225146f0ef1d07dcc15e54af

    • SHA256

      7a7e10507d07f8da2866233143e77ce7a3590c745300f08334d8e6308ab39115

    • SHA512

      52d37d86de26635caf46f49fd3c03d2530b57402a3dfbb21e6281c0331ec6e53a730ef0ab55c39d56eaf92308fe2efeb8c1ea4cfe1fed0b03f459fbe450e7a06

    • SSDEEP

      3072:QOq3B8kyfQQC2mC2gbvCsGowP96rH0Vu3b1vJ4gMdTPVj+HO1fn0HdH:/q3BJ4vCCa9Vgxy+Wvol

    Score
    3/10
    discovery
    behavioral7

    • Target

      AutoUpdate/Autoupdate.exe

    • Size

      2.8MB

    • MD5

      eec7155c48e1715f5d4eb489b01b717e

    • SHA1

      6e054c9389e20930779e3a3e33250813d4f1115e

    • SHA256

      8b0d7c1ab782922b44e283f958697dd2e3b427b8a6def2efabac3dd380b0fe9f

    • SHA512

      c7c57bf484d90fcaf9b32fd35d435cbac5c64575dbc099f26d069ef8904c0c865bf0b4b72fcbbde335c701f07a9974bd7df8444879caf9fe230e05fe33c9a88e

    • SSDEEP

      49152:Y7L6oPOReVwkTVcXj/SZTLvIkP4qghnX+fw58hG7UBg:Y7NQeZVcX7aIFqgJXMS3

    Score
    3/10
    discovery
    behavioral8

    • Target

      BugReport.exe

    • Size

      1.4MB

    • MD5

      af676ec6b1a87284061a679538c1422d

    • SHA1

      9c1d6d32e39bb11c5d649d16096e8ed8b0feaa6a

    • SHA256

      f859fae55c74a33afa97b2536e4116d8ef68090774f5349935f8fe127bc60e09

    • SHA512

      4ee5f972bc9f84e92ba7ed9e5227165a8e9cdc977fb4aa4ba44471cfe7738dce2537edd5652d447444cf92313d9cd1a5846f46ef5ee0854477d09df251752797

    • SSDEEP

      24576:EvlG+2O6nLOdc1G0BNmo5Suno0i1eBU2Jqh5Xok4NJFXuKrAHPr8qFTtK0x5Apv0:EvlzEy0BNmoYuLqHMuKsHPr8qFTNMpv0

    Score
    5/10
    discovery

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral9

    • Target

      Bull140U.dll

    • Size

      3.2MB

    • MD5

      aed059c46be32077f7b63ab9349eee76

    • SHA1

      cc84ed3fe63e110f489111d7acefe9effb389aac

    • SHA256

      b7234ea6641f484834412a6edf820a56b7b26257e8780bff70f1c9d7cf02b9ee

    • SHA512

      f829e6d503f88f3cb50c1142a024368ca8cd787a9a85f6955fa5092cb5c06f679bdf5377718f97e1077a89a8606c3698839e344524f9d43629cdf02a4306da27

    • SSDEEP

      49152:LucCrMMcHiNTP0aVY+cTiPA+uo8TWg3QIY0Qk7kcnZwnlmd:kkCtVYfbnosNjI

    Score
    3/10
    discovery
    behavioral10

    • Target

      ChromeNativeMessagingHost.exe

    • Size

      126KB

    • MD5

      4c66734f2a19397055268103a85bac36

    • SHA1

      c7edc91d6af3a68180766aa81270a9d7893240b9

    • SHA256

      e64fdae21ca4287e2f8c1b6affa0f58d8d1f9b5fd4f385732e3b69e183ada963

    • SHA512

      ba274d14c95752f2f4c22d0049e184d9506a1361726078e25b633a8d6d42f9e30de3fdf5b1515bee4a3417f0a4fe83f10913be2a28f75af46e304ea60fcba5a4

    • SSDEEP

      1536:e3g0SyOZkuKe2nzGik0QkDYhH5RKA2CEKlXR4LYO1L7nnnvnTPei:e3g0SywqqhH5RKA2k1R48O1fnvT2

    Score
    3/10
    discovery
    behavioral11

    • Target

      HelpUtility.exe

    • Size

      148KB

    • MD5

      c5f97adf5bf9e5b8ec6fdb6b22e6649e

    • SHA1

      6786159e95cf4813260210bc1eb02fb5a191c0c7

    • SHA256

      706dce2d0d1dcbcb0695c84c9210ff5be6eab590ab41d77c7adbf15fd7e76257

    • SHA512

      c64b2a68acd8fa28f8c43e012107098de8b5930bd8b3e3665a25f0eb0a4b6a366bada8936bc93c6abf9f8ec57aa0edd657514752a07242b83254eb523322ddb2

    • SSDEEP

      3072:1SiN9E5e6zYYtEuk8Uu93C7aWoHWoFuz3JB0b7QrO1fnlnu:1SiGzV5LYcbdvln

    Score
    3/10
    discovery
    behavioral12

    • Target

      TeraBox.exe

    • Size

      6.3MB

    • MD5

      117c541f80c5e6706e722f9431d9fef6

    • SHA1

      d19eb357c221f4802e0c342da69bcdd463400b80

    • SHA256

      e6435157581258557202d04b08ebda3c87d52e5354ccc33825d80673c6b16e30

    • SHA512

      8239044b8b08d5743d09118c5db1a0e5dac8b77482b8d9b6146130df397d4a1b00427b6049bc82f14e6f6cf67a5dc8cdc3387931e28544277fe4fd9c912c0328

    • SSDEEP

      98304:bADvoVCPjkvi5FIQlaFR/Hi+u1QdaTyJqypAVx+lJy8ygx:8DvovjTaeJ3KGl08X

    Score
    5/10
    discovery

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral13

    • Target

      TeraBoxHost.exe

    • Size

      379KB

    • MD5

      d239f47d0c68f48b6f695db3ead3ab60

    • SHA1

      e02acf65e2e5d1e33f2916f2bbf49b17cc5aeb8d

    • SHA256

      8453de254c58f4ce51b57a59ce7d5f65af9fc96893db32699832d5f7992fb322

    • SHA512

      6ff9d00fa380109ad6407cef7ad14b728c3c242d294fef9af5145936f53136e634ed9f06bc5c39a9e117e6a3c8a755d2c514da66fb4d24688409fa28a7ff1a7c

    • SSDEEP

      6144:OeciLlYdzhjHdlWQcedXd81grK6GtY1sbXdNPcz+vL:YQq9l+0GTPcz

    Score
    3/10
    discovery
    behavioral14

    • Target

      TeraBoxRender.exe

    • Size

      737KB

    • MD5

      68d8a519fd42a57a6baa3342a9e1f18a

    • SHA1

      5d23a6e49be5482c1ffabffb8333c69aa67b3faf

    • SHA256

      c29560d9ee9854f31506b063f21e97af8ad5194c2a749353dbf87c9d8ac5c984

    • SHA512

      1e5cf1b9e8d7190c82d033a1b469111da08aca5631910f45940a5f9b2486ac0f3b85abb974b58b41a767ce5e539a8c77d45861cc79420383f4a2b43cfdf5131c

    • SSDEEP

      6144:uWF5wFO09j7KPQ7QK50g0umuUHlb5xVtq+2zi0VvD6:uBFLj7x8dg0iUHlb5xV12G0

    Score
    3/10
    discovery
    behavioral15

    • Target

      TeraBoxWebService.exe

    • Size

      1.1MB

    • MD5

      1e77999ac64fd309a200921c646ef7c0

    • SHA1

      53679977c98b484e24e7d8c0810c695c99c98be5

    • SHA256

      5700ddbcd18561e1bd14c1de034fff226038e36e3bfd2451b5678fd6028d5aab

    • SHA512

      e1cd7332d9aaf6dd1de0cd053e47d54334b6fadd2fdf78fba33420cd9437d3ace463222bd62ef974a68ac0f752d052f73e45a92899e0ff4a926612ee07d34b17

    • SSDEEP

      12288:fzfoNHJMAdkx/GzpOmeSKeYD6ebL5UHk8UZw3ulzQxIH9cAPxTmsE0yl+V:fcNpMZx/SOeYD6KNF8UW3ul7HdPB+lQ

    Score
    3/10
    discovery
    behavioral16

    • Target

      YunDb.dll

    • Size

      777KB

    • MD5

      2858917ba572bb6c9ae5f6d3f6dacefd

    • SHA1

      32f7e70fdbbab4076f562016735c65d59e84389c

    • SHA256

      cbb041c110915067896baaf87738d8f06fb4d6afece8e76b189ff14537dcbf5b

    • SHA512

      09003219620543a20edc634c0d4125d700d2b3c703ab9298dfac44c7b1cd2c25dd2db5a7c12713986e1bd871667be170bb9bd9655350f9ba961c94bf0cea5a43

    • SSDEEP

      12288:2UNPEiw9LuXVIHxObQVJgItoyp2oriKSWJSfuuhXVbUcx2m1:tPENiVIHi+pN+KSWe6cJ

    Score
    3/10
    discovery
    behavioral17

    • Target

      YunDls.dll

    • Size

      2.1MB

    • MD5

      cfc32dd40b7abaa38ba2c2ab0feaaf9e

    • SHA1

      ca1a9ce7f862ec7915443a6c37297be19cbc2507

    • SHA256

      04aa450c5ee8db022e6d6cc035b77bd4ce17ae7e4aa8cf9e3b1bad5ae564ceef

    • SHA512

      fdd3d346651ec67949b43b714eb6296ad6b253b3bfb0d2d550162f10a110051026fbc58dccc557a4f92d4d76e0c00845b60f619187f804014d46be873dba6407

    • SSDEEP

      49152:jb4axdRT7rmAKRyHCSoFapK016t7768LHKSoPl19YeJidsS4:jUaVCS4awXt7762419YC

    Score
    3/10
    discovery
    behavioral18

    • Target

      YunLogic.dll

    • Size

      6.3MB

    • MD5

      2f049c2ca3d1446cd944993e8734bf0b

    • SHA1

      5afdff83485216268af0efa397399b2d8722b496

    • SHA256

      efb6eda25f1c82605caf839f45ab63fea5ad33ee36c891051d25b8309bb7e7c4

    • SHA512

      08920358699849bdb309b18a56b4351aae58e3de5657e56d3c7e12bc4e7101a317a94147ee27ebb396922cf2b6db43237d646386e4aeca1e5d0ebaaf7d2dc4ac

    • SSDEEP

      98304:bq2U23WtEllQ2ZYjuDpDGgQHYYCTtC6hWX9:W2UIjlkYpDGgQ0C6u

    Score
    3/10
    discovery
    behavioral19

    • Target

      YunOfficeAddin.dll

    • Size

      378KB

    • MD5

      4fffd9ffde2d48f474f9280c944b6940

    • SHA1

      2dc56ab63e3241eadbb3e39ef697d2d468d4a57e

    • SHA256

      635e8364383318f04667524663191e03fbcab9359006a1e829902bce7e19544d

    • SHA512

      d40e5ff0a2f1a8ff38c159c149bb71456f59b9ca277b0e8a2c88e61b258db8142c7ab942817a0c28cac47635cfc300b10dd955fdf1bcb8078122a6d66cd10f85

    • SSDEEP

      6144:sd33K6ndCugWK5GELbZTG/2WuXUZ9nx1O0DqgLTBZF9aUAKvv2dT:+TnfYGELlTAvuXU/7O0OgLT3DAKCT

    Score
    3/10
    discovery
    behavioral20

    • Target

      YunOfficeAddin64.dll

    • Size

      491KB

    • MD5

      aa257db82af0ce00192bfc3a72c47d56

    • SHA1

      bbfa65b9512dbca06985fca1534c1178b331ab7b

    • SHA256

      1083ea29c46cc3fdd3324a1887b6e3489e98076e9cc1b941f363ebd2225cbbff

    • SHA512

      b45706e23f8f394e2693c49ad1410ddd3012fda01c3d88778f9d8c0ecf23b498fcd9e75d2eb45bb7032ec940bd81f568ace9830d0ef634d989f7408b03104b78

    • SSDEEP

      12288:y26huPL8Un97lf3ijZXU9TFwChkt/XHC3+Qu:lr8K79OZXU9TFwChkt/XHO

    Score
    5/10
    persistenceprivilege_escalation

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral21

    • Target

      YunShellExt.dll

    • Size

      783KB

    • MD5

      07279ef082ddc63a51c663b7ba003f03

    • SHA1

      46c651926f478a29ea6cb75f982456be4dd168eb

    • SHA256

      696ed7f01ca07963cad40eb0177bda10494a232707000e449bab9874a222f358

    • SHA512

      febe5416fd36f750061569f15ab211286608e784296f3fc49fcb3c4508b74b1339110a83ea681b94846d662dd200c4c8b7c2fa657a0e9ee7bc9bb2b6f039b5a2

    • SSDEEP

      12288:TXJNjwqkHjClb9ITZWj5bFSXiXO/aTeTISu8ArGzGtx2mYQJobK:THBkHjc9FeiXO/aTwIDIoUs

    Score
    3/10
    discovery
    behavioral22

    • Target

      YunShellExt64.dll

    • Size

      1011KB

    • MD5

      3a70aef3153e58a9624ef1bcaa63fbbb

    • SHA1

      9f6a9f877a2153294687cdc5e661c6c539b3136d

    • SHA256

      aede12d6e7221cdf81ca4dd73c7961a7d5bd4313f7793f5437a64ac271844317

    • SHA512

      4d131f536f560207f7d259144327625d7c352c93979f663212d0fc430840757239e9be9c7030bc1826765d078fdaa9cb730e0cf2d217ff8203f6742547ffdaac

    • SSDEEP

      24576:PMD0VtMR4O/e4KVvk0CCbOIuklHPiDSG6jFWe:PMD0VtMRzck0dqklHPcSG6j

    Score
    5/10
    persistenceprivilege_escalation

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral23

    • Target

      YunUtilityService.exe

    • Size

      111KB

    • MD5

      666302bb1ecf9edb2445d390e52c737e

    • SHA1

      df8272fcabaa673bfe2e135d9f351f5ec366f077

    • SHA256

      48a15f0945dd83ec074066e7a47131f1f48e85e31fb26280c8a70753d7584b2b

    • SHA512

      ad0850f7d8985dca12cb06b2837c3791e75aba35e74243f13e143c423b116338b4ff5531e2f77b5c778a83926f5dc5ce801f23013ca1e5334ceca36ebd302e6a

    • SSDEEP

      3072:dXIcpr9wKLKVO/npEm2k9oNwQ530O1fnGND:buG2coNwQ5LvGh

    Score
    3/10
    discovery
    behavioral24

    • Target

      api-ms-win-core-console-l1-1-0.dll

    • Size

      11KB

    • MD5

      3c89c64d591ab2eaf01fbd2253b3a623

    • SHA1

      99b595ed628983c88eb09c484777eea666f631b9

    • SHA256

      0dd2878a9aad0d1a64848db4a1b4e3851fd5bf049c4ba5b726d114ff45fd947a

    • SHA512

      bb370bd639c4b2d25c44d153a7de6dff7fcb8f8af644b6b37243fab1bff282d8d3f13770e6862cf0b348ff83e6d7f73b3aef61e575660debce5664ced50be715

    • SSDEEP

      192:WfAwWOhWrpT71ojDBQABJwqnajLQvTP+8jIrerl:WfVWOhWrSDBRJwlvQyUIrerl

    Score
    3/10
    discovery
    behavioral25

    • Target

      api-ms-win-core-datetime-l1-1-0.dll

    • Size

      11KB

    • MD5

      6dbcafa7fd0b183040b73e7e1d97674b

    • SHA1

      4a6f7d5ceca5dd225532d95b743fa7b7b724621d

    • SHA256

      289ea86da94de73f0f0de4812caf7eda170ee612c72a713b3036b2669813d15a

    • SHA512

      e7c4dbf91c27c2d1570529e33c47e0e2b77c636a22f32f2956c9a59b5acae8b2721ea5802d85bbd179c7931d1542ca20b526487297be729698027ffd97d4ac44

    • SSDEEP

      192:FWOhWOUT71ojDBQABJwY1UqnajMHxxBNT06YeO7BN:FWOhW+DBRJwHlI66YeO9N

    Score
    3/10
    discovery
    behavioral26

    • Target

      api-ms-win-core-debug-l1-1-0.dll

    • Size

      11KB

    • MD5

      d9e02887a85903ee3a4fa7f197865274

    • SHA1

      f68904fef682461068ea782f1ed911b124793732

    • SHA256

      9487da37a92b40720ea2ad64ea0c9adc8b3c7bc4fe1f63a0e03e9c7a18943565

    • SHA512

      43fbb849a9a6e41e3b20813ebbe29e9fc233f6c1a7c00f8798f15f5c896bca7f6906a9a65fbc5569b3d5f901d70ab9a6132f8a9f71193f2d7f5559a607d5cf84

    • SSDEEP

      192:4WOhWqT71ojDBQABJTwvveqnajsl/cqtm4t:4WOhWrDBRJTw3elPqr

    Score
    3/10
    discovery
    behavioral27

    • Target

      api-ms-win-core-errorhandling-l1-1-0.dll

    • Size

      11KB

    • MD5

      fcc2e13d7db99b2f3725046ca7d392d0

    • SHA1

      14d31bc9070a47cc58342aedd17b4ead672da6ea

    • SHA256

      9cc0615a94b0a320f4b675eccbc3f7b8c279d9f692165afc6ce0c877f3981b08

    • SHA512

      bd9c7f3d97413f14abfe75cd2c5cfcb5aa39de05c8f69a2f6bfac554fdcf0eb0e41a32c34a5e7fe78a2bee2ad9d4be2895a33f138f7f0cb9f02dd3725b1893bd

    • SSDEEP

      192:GyfmxD3TWOhW0T71ojDBQABJ2ZqnajxcRGlPHSm:GyfYWOhWZDBRJ2Zll7PHSm

    Score
    3/10
    discovery
    behavioral28

    • Target

      api-ms-win-core-file-l1-1-0.dll

    • Size

      14KB

    • MD5

      d613baa29afa3db1faa991876dd382f1

    • SHA1

      795ad1269848846294563480750c91abf6bf33af

    • SHA256

      4b2dc152f33cd7d88beba8696a57cd0383f05c50d2fb63672664717766762a1d

    • SHA512

      a7113a430d39a71af764ddddda81f37f280f795ae88f5ab829523b278f82c1487401316c24700be4451a162567c282bcf08390a583ccd18b1baf96cd86ab54b3

    • SSDEEP

      192:zYPvVX8rFTsBWOhWwT71ojDBQABJ9t6qnaj9RlSIFspC:EPvVXbWOhW1DBRJ9t6lBRAIFsI

    Score
    3/10
    discovery
    behavioral29

    • Target

      api-ms-win-core-file-l1-2-0.dll

    • Size

      11KB

    • MD5

      00d8b4bed48a1bb8a0451b967a902977

    • SHA1

      f10ef17bda66d7cab2840d7f89c6de022a7b3ff2

    • SHA256

      568d7f8551d8b4199db3359d5145bc4cb01d6d2f1347547f47967eb06a45c3b5

    • SHA512

      e248cbc06fc610f315d7efcadb39b5cb85dfe5d40858768d5aea8d41b3b4b23eafe0db2b38cce362fd8ba8bc5eb26e9b2dddc00e2e8615395bca818ecfe0decc

    • SSDEEP

      192:HWOhW7T71ojDBQABJ76qnajMHxxBNT06YeOg:HWOhWIDBRJulI66YeOg

    Score
    3/10
    discovery
    behavioral30

    • Target

      api-ms-win-core-file-l2-1-0.dll

    • Size

      11KB

    • MD5

      534483b0f4a1924b1ae6d7e66b4a4926

    • SHA1

      4e954316acd216007f4a0225b138e0c0a04fbbed

    • SHA256

      c1bca1bb524c5ae3d877a099f469b6fc34288bab26ae7a7f4fc47cd869f4958d

    • SHA512

      cfad2ddf8a9ad67e36e978726d8a12ca26b180f73122b2e8d19a83f73028a050d9f418e7525f576cc3a9601b3369d4494dddbde620b4011b7ca8a7ec4b0d1b12

    • SSDEEP

      192:tWOhWzT71ojDBQABJUrkqnaj9RlSIFxKV:tWOhWwDBRJ4klBRAIFw

    Score
    3/10
    discovery
    behavioral31

    • Target

      api-ms-win-core-handle-l1-1-0.dll

    • Size

      11KB

    • MD5

      2bd9500ab908c0e02ca40f19ef647288

    • SHA1

      de8cd89fba64fa131fa842619b10d7d2d8a681d1

    • SHA256

      85546a616d5594b884146aa4e13cdbfe841c9d956e648c6ee4840e6f4428bdcd

    • SHA512

      1a3c5e306b6bedc87c250f8cb1b82e2c736a2c0a8e37c67e287914ff49da88af21722effad8cc4918d06b303989b09b35eb5d545a590be9fa8cdbf9028ef75a4

    • SSDEEP

      192:bWOhWxT71ojDBQABJNf+Q2qnaj9RlSIFr:bWOhWqDBRJN2blBRAIFr

    Score
    3/10
    discovery
    behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

3
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pdflink
Score
4/10

behavioral1

discoverypersistenceprivilege_escalation
Score
6/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
5/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
5/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

persistenceprivilege_escalation
Score
5/10

behavioral22

discovery
Score
3/10

behavioral23

persistenceprivilege_escalation
Score
5/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10