General
- Target: BWCStartMSI.exe
- Size: 8.1MB
- Sample: 241213-mqjj4swjes
- MD5: 89d75b7846db98111be948830f9cf7c2
- SHA1: 3771cbe04980af3cdca295df79346456d1207051
- SHA256: 1077f5ff5fc1c7b7ce347323d14ba387f43e9cfab9808fa31a1cd3144fa05ef4
- SHA512: f283b1a7bc30621a0e6ee6383174323cc67d002329a294d13aa23a633ca6f66ee0acdc6a4d2b0d4b7465acaa043b60f1ed27200a2b2d998fa0ef85f3545138fc
- SSDEEP: 196608:HREgs4DsRz2vROZmy0TNy06Gm/HVSle4LG7IYTmd6r+d4:HRG2vROZmyYR63/HVSleAkLT66r+a
Static task: static1
Behavioral task: behavioral1
- Sample: BWCStartMSI.exe
- Resource: win10v2004-20241007-en
Score: 8/10
- Blocklisted process makes network request
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)