General

  • Target

    msi18.msi

  • Size

    17.1MB

  • Sample

    250409-qg2aca1mx6

  • MD5

    b2610cf607f63b0fcaaa7cf472c05c6d

  • SHA1

    2f5de11ebbe3830fcd23622e70bf647521b4636f

  • SHA256

    0043d411ad7cd395c30e7de7e2497a1b0b117bb2878810865518854a8faf07e6

  • SHA512

    931831d95f8c19246d5bb1b9075cea0ab00df39859b90a7b61257bf69ff6540aff0e92257de9e7e29102e89ab557da11878cefc6f807734bef0e5ed9e6053be4

  • SSDEEP

    196608:YsnQvuxA5XD648nD7xWdiFZenspOujIi5Zvnk28MellrugS6c46xcS7qvXn:/Qvuu524UfxZZqUOKZs28But4i0Xn

Malware Config

Extracted

Family

hijackloader

Attributes
  • directory

    %APPDATA%\Scanauth_LPD_v5

  • inject_dll

    %windir%\SysWOW64\pla.dll

  • xor.hex

Targets

    • Target

      msi18.msi

    • Size

      17.1MB

    • MD5

      b2610cf607f63b0fcaaa7cf472c05c6d

    • SHA1

      2f5de11ebbe3830fcd23622e70bf647521b4636f

    • SHA256

      0043d411ad7cd395c30e7de7e2497a1b0b117bb2878810865518854a8faf07e6

    • SHA512

      931831d95f8c19246d5bb1b9075cea0ab00df39859b90a7b61257bf69ff6540aff0e92257de9e7e29102e89ab557da11878cefc6f807734bef0e5ed9e6053be4

    • SSDEEP

      196608:YsnQvuxA5XD648nD7xWdiFZenspOujIi5Zvnk28MellrugS6c46xcS7qvXn:/Qvuu524UfxZZqUOKZs28But4i0Xn

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a thread, including its instruction pointer. Ordinary applications rarely call it; process-injection techniques use it to redirect a suspended thread into code they have written into another process.
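The hashes and the extracted config above are the indicators a responder would carry to other hosts. The following Python script is an added example, not part of the sandbox report or of any tooling the page describes: it embeds the report's IOCs, hashes a candidate file with all four algorithms listed, and resolves the config paths against a Windows-style environment so the dropped directory can be checked for. It assumes that %VAR% expansion is case-insensitive and leaves unknown variables untouched (as Windows does), and it treats only the `directory` entry as a finding on its own, because pla.dll ships with Windows and is expected to exist under SysWOW64 on every host. The `exists` and `env` parameters are injectable so the logic can be exercised offline with constructed values.

```python
"""Triage helper built from the IOCs in the HijackLoader report above.
Added example; not code from the sandbox or the malware analysis page."""
import hashlib
import os
import re

# IOCs copied from the report (sample msi18.msi).
SAMPLE_HASHES = {
    "md5": "b2610cf607f63b0fcaaa7cf472c05c6d",
    "sha1": "2f5de11ebbe3830fcd23622e70bf647521b4636f",
    "sha256": "0043d411ad7cd395c30e7de7e2497a1b0b117bb2878810865518854a8faf07e6",
    "sha512": "931831d95f8c19246d5bb1b9075cea0ab00df39859b90a7b61257bf69ff6540a"
              "ff0e92257de9e7e29102e89ab557da11878cefc6f807734bef0e5ed9e6053be4",
}
CONFIG_PATHS = {
    "directory": r"%APPDATA%\Scanauth_LPD_v5",
    "inject_dll": r"%windir%\SysWOW64\pla.dll",
}
# Assumption: only the dropped directory is a finding by itself. pla.dll is a
# Windows system DLL, so its presence under SysWOW64 is expected everywhere.
DROPPED_ARTIFACTS = {"directory"}


def compute_hashes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str) -> dict:
    """Stream a file through all four hashers at once (one read pass)."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def classify(hashes: dict, iocs: dict = SAMPLE_HASHES) -> str:
    """'match' when every algorithm agrees with the IOC set, 'no_match' when
    none does, 'inconsistent' when only some do (a mistyped IOC, or a file
    crafted to collide on one weak algorithm). Comparison is case-insensitive."""
    hits = [n for n in iocs if hashes.get(n, "").lower() == iocs[n].lower()]
    if len(hits) == len(iocs):
        return "match"
    if not hits:
        return "no_match"
    return "inconsistent"


_WIN_VAR = re.compile(r"%([^%]+)%")


def expand_windows_path(path: str, env: dict) -> str:
    """Expand %VAR% the way Windows does: names are case-insensitive and a
    variable that is not set is left as the literal %VAR% text."""
    lookup = {k.upper(): v for k, v in env.items()}
    return _WIN_VAR.sub(lambda m: lookup.get(m.group(1).upper(), m.group(0)), path)


def host_indicators(env: dict = os.environ, exists=os.path.exists) -> dict:
    """Resolve each config path against env and report whether it exists and
    whether that existence counts as a finding."""
    result = {}
    for name, raw in CONFIG_PATHS.items():
        resolved = expand_windows_path(raw, env)
        present = bool(exists(resolved))
        result[name] = {
            "path": resolved,
            "present": present,
            "finding": present and name in DROPPED_ARTIFACTS,
        }
    return result


if __name__ == "__main__":
    import sys
    for candidate in sys.argv[1:]:
        print(candidate, classify(hash_file(candidate)))
    for name, info in host_indicators().items():
        print(name, info)
```

Run it with one or more file paths to compare them against the report's hashes; with no arguments on a Windows host it only reports whether the config paths exist. Hashing with all four algorithms rather than MD5 alone is deliberate: a file that matches on one algorithm but not the others is reported as inconsistent instead of being silently treated as a hit.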

MITRE ATT&CK Enterprise v16

Tasks