General

  • Target

    azure-cosmosdb-emulator-2.14.21-1c783d8f.msi

  • Size

    320.5MB

  • Sample

    250519-ykkqrsyky2

  • MD5

    4d2e9e979c22aaa83ea1ca4c43b7545d

  • SHA1

    7fa480a78e895be9a44f7293a47ff02b1f0f81ea

  • SHA256

    1ef64cf9cd13c611aac394113a703af6f525c7c39bfb6b4c3f884d57f6f1d1cf

  • SHA512

    08a633750d8df1d27c65c41d239ee1238e881d8e40605ad8f31d459f5829474a5163d9fb35d0cc926f9eb7dfd3fa10ddc604a7f4506c439cf99b65d822504f34

  • SSDEEP

    6291456:BN85ctsnnJJmPrDIcDjJ3luu3p3dEDMYFPLzYqnkzDih6rATkmXQwNmUY:BN6k2Jiv3lRhaD5FPLnwVrgk2QamUY

Malware Config

Targets

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks