Overview

overview

8

Static

static

1.msi

windows7-x64

8

1.msi

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1.msi

  • Size

    3.9MB

  • Sample

    220805-ttnfsscdfk

  • MD5

    6cf5ad7a7d1b7bab0c62e246cf41a985

  • SHA1

    b06a03adc550ead96534f5e723395c4e16bfdf44

  • SHA256

    fb9f0bf2b71bf576053c56cb913ea4e93581fc9d3aa9d6d8a0ae572a1622f050

  • SHA512

    46cd8bd1ead75a8adb7d5bff81a2fdc04567d462e965664f6f9f796237839f07f74d2201c3da8f7f37c9dfc45749ed88708db5a216d84f7ac146e5af58a8608e

Score
8/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      1.msi

    • Size

      3.9MB

    • MD5

      6cf5ad7a7d1b7bab0c62e246cf41a985

    • SHA1

      b06a03adc550ead96534f5e723395c4e16bfdf44

    • SHA256

      fb9f0bf2b71bf576053c56cb913ea4e93581fc9d3aa9d6d8a0ae572a1622f050

    • SHA512

      46cd8bd1ead75a8adb7d5bff81a2fdc04567d462e965664f6f9f796237839f07f74d2201c3da8f7f37c9dfc45749ed88708db5a216d84f7ac146e5af58a8608e

    Score
    8/10
    discoveryevasionpersistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

File Permissions Modification

1
T1222

Credential Access

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks