5da1ed1fa59fe6b26615347b83820e693f2a8eec1c95c05bd3f5d9e12b00cd3a | Triage

Submit
Reports

Overview

overview

7

Static

static

3

54 45 53 5...22.exe

windows10-2004-x64

7

54 45 53 5...22.exe

windows11-21h2-x64

3

54 45 53 5...86.exe

windows10-2004-x64

7

54 45 53 5...86.exe

windows11-21h2-x64

7

Sharing

General

Target

error422.zip
Size

203.3MB
Sample

241204-3tb77stjhm
MD5

0cfd935f8fcbedadbee6457ba20d6690
SHA1

bb866ee339b0d77b78348e67877b1610338e7adc
SHA256

5da1ed1fa59fe6b26615347b83820e693f2a8eec1c95c05bd3f5d9e12b00cd3a
SHA512

d930b9a140cf25eff991aa7d375de986eea5f1a94bc31fa94cad77ac212f62de4e10e85c0da4b98a330b06f9bdc083bf4a1002d35248cbb9b9b5dd7aef1f2f60
SSDEEP

6291456:LBruI9iSD/RcG2Oxy0yERVDVzuSfnaxd1q3w4ZwIOhjIgl:9ruIJDmGngiDbvoPq37Zmhtl

Score

7^/10

discovery motw phishing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

54 45 53 54/ERROR422.exe

Resource

win10v2004-20241007-en

discovery motw phishing

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

54 45 53 54/ERROR422.exe

Resource

win11-20241007-en

windows11-21h2-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

54 45 53 54/jdk-8u191-windows-i586.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral4

Sample

54 45 53 54/jdk-8u191-windows-i586.exe

Resource

win11-20241007-en

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  54 45 53 54/ERROR422.exe
- Size
  
  8.0MB
- MD5
  
  7b01e76578486d44bbafb0d51381820e
- SHA1
  
  0daa6b605200bf6fabd7a08f7de4c1eac4fd12d9
- SHA256
  
  7765f79269ebad7f33a0dc8d18360f5adf9464660f2259f9961cad0aa2f94bbd
- SHA512
  
  0c6d84c197713b3c8ab12bf23e1d6d828eca1cf7e11a047de0856046974abb2e297899c8a3c445a206c80fc963919a3cecaf8b5c336a349b821eb1df013a7c92
- SSDEEP
  
  196608:GiF+hNQl6gsLxL8QpNpKyro8thPVNadB:oC0bx5pTKs1JadB
Score

7^/10

discovery motw phishing
- A potential corporate email address has been identified in the URL: currency-file@1
  phishing
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
behavioral1 behavioral2
- Target
  
  54 45 53 54/jdk-8u191-windows-i586.exe
- Size
  
  197.3MB
- MD5
  
  50cfd28a3a3243bc5e9be096a3b9fd97
- SHA1
  
  bc8f26edb5d1b6d93459405da76bc52c9b882e69
- SHA256
  
  a92fce986622e9846b93e396a7eda6214e7f7ea90860794c934f423c10813622
- SHA512
  
  859e7cc427a5ea990dd3b5301d0bb68aceac9b32f62363d5d21ed90ad45a7a7912d201dc276786bfcfb18a8683776623c7b78c4ad06c4f8002033bfaa6e8855e
- SSDEEP
  
  6291456:TRcAp+FfSMhbAOo8ZycQv15tZ8YpG+sdjjceHAk8iaKmh:TRcAp4SWAURo5MAHojjjHEiaT
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverymotwphishing

behavioral2

behavioral3

behavioral4

© 2018-2024

Terms | Privacy