General

  • Target

    ui.exe

  • Size

    15.7MB

  • Sample

    250227-dejw3atjt7

  • MD5

    dcfb3864861147a02575aeda7ac48dbb

  • SHA1

    37b9a26c9beb498f71c565d5b132e39b31136bd4

  • SHA256

    38917afbf4fd34af26909651d9a0c5808e18f8655186b475880b7e3e45d32eba

  • SHA512

    f30631aef4b0f5eef0af6b2b64c9a15c5d379d46fb0abf18c71687f0336ffb7f42ba89fecc37d17db801b3b064481bf106b035a819c5c7ac72b90a131448e75f

  • SSDEEP

    98304:9deFH235hRnrD4OzVN03DUtSYorb012Bz3OxPrwqQ2jJ6cefe2vtjlprky/19KfP:9dX5D9IDnk4BmVjJe99IfcQXYrVJV+

Malware Config

Targets

    • Target

      ui.exe

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Network Share Discovery

      Attempt to gather information on host network.

MITRE ATT&CK Enterprise v15

Tasks