General
Target: is4_aisi_ooo.msi
Size: 244.8MB
Sample: 250331-s18vmsvp18
MD5: d6051404c4089adbd54b3c0b82e39fb2
SHA1: cbe196a0e69582541e5ae797ff0138507c0eaf90
SHA256: 881ccaa5625ca03bb22d68a74bc7f05a6b025378bd57ec28f3ca25623aa70443
SHA512: 2657d0ba4557a60a320b93b4e3be2fa271b0447c119691937bf87452d8acc11498b452723a7982f5e22bea41368fe0c453067e4fb39ba4fc33a9697300603be5
SSDEEP: 3145728:m0MHQUMwm4dKteU+LRXLJNXCbzyYxKhqz6mmB5DM7qXN5nDMTBPOEu2ZZExR7gqZ:gFsMMzhaWOXbDMTBPFTKeSQUztlK8
Static task: static1
Behavioral task: behavioral1
Sample: is4_aisi_ooo.msi
Resource: win11-20250313-en
Malware Config
Targets
Signatures
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Access Token Manipulation (1)
  - Create Process with Token (1)
- Event Triggered Execution (1)
  - Installer Packages (1)
Defense Evasion
- Access Token Manipulation (1)
  - Create Process with Token (1)
- System Binary Proxy Execution (1)
  - Msiexec (1)