General
Target: Wix.zip
Size: 30.2MB
Sample: 241201-wyxldasngj
MD5: ec2ded854e797340f7dd38ebde75982e
SHA1: 5493348e812a1683cf9df2d906ae6758d5489fa1
SHA256: 71bf189ebc55138bfce56f63efcacdb2f277d53215883fa0895810f8403a2d5f
SHA512: 9a27d3c9bef51b2ceaa0e6b713e9f6016c77ed4769de90720abb38b52f3505ea91aa9798279570f2c4b52f81a02384d6451e594aa666b4c9eddedbf0e5f625e7
SSDEEP: 786432:LXUrsSxc3F2a8Ty+4T4lg+o2iIvbOeASxUDwz8t7:Lk12ka8/4E9NqeCDce
Static task: static1
Behavioral task: behavioral1
  Sample: Wix.exe
  Resource: win11-20241007-en
Behavioral task: behavioral2
  Sample: cachehandler.dll
  Resource: win11-20241007-en
Malware Config
Targets

Target: Wix.exe
Size: 71.0MB
MD5: f2dc07d0931121829637cba7daddd81f
SHA1: 15c2184dc5d591f2ab39ade1381181e4479f8d19
SHA256: 54af4e9d0e6236ee5655791ac71c4ed9ec3542b1b621207070ed1f28138b0c0b
SHA512: 7dce51ab4ad9988f1a94f642dff2d52106f8dd0905d148431f54dcf2e6d55950576ab12b60ad28e01db9b9449f8bd101bc7ad9a1d6c90bc0aeae2a8841ee76bf
SSDEEP: 786432:p+MqXLGy6AB9PMv+EttW8f5Ggo6ywk+9:py6ABH+dryw
Signatures:
- Detected Microsoft Outlook phishing page
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- A potential corporate email address has been identified in the URL: 6633dd5dcff475e6fb744426_&@2x.png
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2

Target: cachehandler.dll
Size: 4.7MB
MD5: a7b7470c347f84365ffe1b2072b4f95c
SHA1: 57a96f6fb326ba65b7f7016242132b3f9464c7a3
SHA256: af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
SHA512: 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d
SSDEEP: 49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
Score: 1/10
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Defense Evasion
  Modify Registry (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)