General
-
Target
https://upload2.delivery.autodesk.com/WebInstall3StubGUI-1748454144068.exe?response-content-disposition=attachment%3B%20filename%20%3D%22Autodesk_DWG_TrueView_2026_en-US_setup_webinstall.exe%22%20%3B%20filename%2A%3DUTF-8%27%27Autodesk_DWG_TrueView_2026_en-US_setup_webinstall.exe
-
Sample
250529-jd1q3sem3y
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://upload2.delivery.autodesk.com/WebInstall3StubGUI-1748454144068.exe?response-content-disposition=attachment%3B%20filename%20%3D%22Autodesk_DWG_TrueView_2026_en-US_setup_webinstall.exe%22%20%3B%20filename%2A%3DUTF-8%27%27Autodesk_DWG_TrueView_2026_en-US_setup_webinstall.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
-
-
Target
https://upload2.delivery.autodesk.com/WebInstall3StubGUI-1748454144068.exe?response-content-disposition=attachment%3B%20filename%20%3D%22Autodesk_DWG_TrueView_2026_en-US_setup_webinstall.exe%22%20%3B%20filename%2A%3DUTF-8%27%27Autodesk_DWG_TrueView_2026_en-US_setup_webinstall.exe
-
Renames multiple (58) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1