Overview
Static task (score 10)
Behavioral tasks (score, sample, platform):
3  AppxSip/AppxSip.dll  windows11-21h2-x64
8  AppxSip/MSVidCtl.dll  windows11-21h2-x64
1  AppxSip/de...ps.dll  windows11-21h2-x64
5  AppxSip/devenum.dll  windows11-21h2-x64
7  SEMgrPS/SEMgrPS.dll  windows11-21h2-x64
1  SEMgrPS/Se...pi.dll  windows11-21h2-x64
1  SEMgrPS/ne...vc.dll  windows11-21h2-x64
1  SEMgrPS/wcimage.dll  windows11-21h2-x64
1  dsreg/dcntel.dll  windows11-21h2-x64
1  dsreg/dsound.dll  windows11-21h2-x64
1  dsreg/dsreg.dll  windows11-21h2-x64
1  dsreg/sensrsvc.dll  windows11-21h2-x64
1  netprofm/T...ep.dll  windows11-21h2-x64
1  netprofm/netprofm.dll  windows11-21h2-x64
1  netprofm/rpcnsh.dll  windows11-21h2-x64
1  netprofm/s...is.dll  windows11-21h2-x64
1  pcwum/AppxSip.dll  windows11-21h2-x64
8  pcwum/asferror.dll  windows11-21h2-x64
1  pcwum/pcwum.dll  windows11-21h2-x64
1  pcwum/pdhui.dll  windows11-21h2-x64
1  setup.msi  windows11-21h2-x64
General
Score: 10/10
Target: __x64___setup___x32__.zip
Size: 26.0MB
Sample: 240619-rdbqys1hje
MD5: 834495947f826a32ec96ba9c4bb9ecfa
SHA1: f5e122c0f5e8fb25189fdaf7667c620f5154bf24
SHA256: d634a0cccedb8877e4f6e2dd9d59975f6a8dfcd767c75c478f2d7a97cd3469ef
SHA512: 3b9f713122426ddf78ad8ee1550e7ff9ae6e3f41e473c9a99e84735f001f523213b4b069b3dfeb3d1c60d324e38b41bddf1d2850efc677ce5f9571d246630c92
SSDEEP: 786432:k2dKy4NXj3zLVoPkc6w51UrcL2kpVFBO7PIUqM:PONXj3/Vmb51YQ2kpVFY7PItM
Static task: static1
Behavioral tasks (task, sample, resource):
behavioral1: AppxSip/AppxSip.dll (win11-20240611-en)
behavioral2: AppxSip/MSVidCtl.dll (win11-20240611-en)
behavioral3: AppxSip/deploymentcsps.dll (win11-20240419-en)
behavioral4: AppxSip/devenum.dll (win11-20240611-en)
behavioral5: SEMgrPS/SEMgrPS.dll (win11-20240508-en)
behavioral6: SEMgrPS/SensorsApi.dll (win11-20240508-en)
behavioral7: SEMgrPS/netprofmsvc.dll (win11-20240508-en)
behavioral8: SEMgrPS/wcimage.dll (win11-20240508-en)
behavioral9: dsreg/dcntel.dll (win11-20240508-en)
behavioral10: dsreg/dsound.dll (win11-20240611-en)
behavioral11: dsreg/dsreg.dll (win11-20240611-en)
behavioral12: dsreg/sensrsvc.dll (win11-20240611-en)
behavioral13: netprofm/TapiSysprep.dll (win11-20240611-en)
behavioral14: netprofm/netprofm.dll (win11-20240508-en)
behavioral15: netprofm/rpcnsh.dll (win11-20240611-en)
behavioral16: netprofm/socialapis.dll (win11-20240419-en)
behavioral17: pcwum/AppxSip.dll (win11-20240611-en)
behavioral18: pcwum/asferror.dll (win11-20240611-en)
behavioral19: pcwum/pcwum.dll (win11-20240611-en)
behavioral20: pcwum/pdhui.dll (win11-20240508-en)
behavioral21: setup.msi (win11-20240508-en)
Malware Config
Targets
Target: AppxSip/AppxSip.dll
Size: 268KB
MD5: 577dbb84e03e995d507840258c52913f
SHA1: cb1d426d26a3e966d29a6a28f94ed5273c21d759
SHA256: c8ed0608c107745d56fcdf34cac855602c65dc1a612c173f4057cbd30fbf2058
SHA512: 90263941720d4498cfe588ecc7c713f04ce2431722b918859c555041be1823ace5163306c3e273e92fde0d472b3bb494acc37b26982a269116b64ed13aa396cf
SSDEEP: 6144:cTXUiOy2C35UKI+EqJNLo/AKjJIcLIT9mAD:cTkFy2aI+FLSHjJIcsR
Score: 8/10
Signatures:
- Manipulates Digital Signatures: Attackers can alter the Authenticode and Cryptography registry keys (for example the SIP and trust-provider registrations that signature verification loads) so that their own binary is reported as validly signed.

Target: AppxSip/MSVidCtl.dll
Size: 3.3MB
MD5: 6a93c400f7d5bcf8799c0506531f7d12
SHA1: f8ecd93adfc87ae76970656bd15af3a960a83428
SHA256: 6679297f7e7f17ef37f48fa25f070d78e76324d167aa8b961d85327321e58754
SHA512: 209476a382bce5b53762b52c5b9f3f1bcb0d1f3b3763d1c8aa3ed6c1af838d4b442ffd7a40eb851a6c36a462031ee5fda5617dae5348426f7de3ef73b2aaec6d
SSDEEP: 49152:GRVfgoQrkv0BzBQLW6Ki8gT3lZhrnxySgnpO91MmIusURfvxmtdl:GRVfgoQrkv0BVi8gT3r9xyS1jzfvx
Score: 1/10

Target: AppxSip/deploymentcsps.dll
Size: 76KB
MD5: 1d6dffb182135656f682353bf01d3bf1
SHA1: e6a1c4915364e4ce5bb90b51b38dbb45007dbd2b
SHA256: d3ecce1709057d83119d2fc9295848dc096ebf682aea0e9bda49e31bd5397fda
SHA512: 754a746b08074db21cf72d1b3b9574ba75b7c893ea4cdbf8cddfbd7ffe206005172e5acc4bcfd125e88226bab5a60334572a0722167eb93b7f4d73e7b7b364b8
SSDEEP: 1536:ecB5LC+IF7VPfLhS4eq/PblCVouzRh/DWb+7xAib8CCRhl5glvNtr:ecBEpPg6zkVouz7Da+2ib8CCRP56L
Score: 5/10
Signatures:
- Drops file in System32 directory

Target: AppxSip/devenum.dll
Size: 108KB
MD5: 13dc564be50b850d4ba18d8b28ed7802
SHA1: 17e703b95bd1ba6beeacb498d4494494e14b7266
SHA256: d4c23365d6c16ed6be52fe620742c1fde00d2cb14c3844c7e633b2a251c4c39d
SHA512: 145da4efdeb0e710e0116462f957d2083c7ad3ee47269fdd853145a1f37ec37b888ad2a585f5965b61525a8848488ae4903eca7550208cda664b5fab9084ced6
SSDEEP: 1536:W0s0VKB22Wola4XD1HKVxY+e1DxJjdAeWH3z4OmFeTNvM3mBG52hhvzrDQdRC3am:lOBDJKVuaeWHjtmITNSmBG5Ghvbh
Score: 7/10
Signatures:
- Event Triggered Execution: Component Object Model Hijacking: Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
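A check for the hijacking pattern this signature describes, added here as an example and not part of the Triage report or of the sample: it lists per-user CLSID registrations under HKCU that shadow a machine-wide CLSID under HKLM (the per-user key wins at lookup time, which is what makes the hijack work), shows where each per-user InprocServer32 DLL lives, and whether it carries a valid Authenticode signature. The registry locations are the standard Windows ones; the function names are this example's own.

```powershell
# Added example, not taken from the report or the sample: list per-user COM class
# registrations (HKCU) that shadow a machine-wide CLSID (HKLM), the pattern behind
# the "Component Object Model Hijacking" signature, and show where each DLL lives.
$ErrorActionPreference = 'SilentlyContinue'

function Get-InprocServerDll {
    # Returns the expanded DLL path from a CLSID key's InprocServer32 default value.
    param([string]$ClsidKeyName)   # e.g. HKEY_CURRENT_USER\Software\Classes\CLSID\{...}
    $v = Get-ItemProperty -LiteralPath "Registry::$ClsidKeyName\InprocServer32"
    if (-not $v -or -not $v.'(default)') { return $null }
    return [Environment]::ExpandEnvironmentVariables($v.'(default)'.Trim('"'))
}

function Get-ComHijackCandidates {
    $userRoot     = 'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
    $machineRoots = @('HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
                      'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID')
    foreach ($key in Get-ChildItem -LiteralPath $userRoot) {
        $clsid   = $key.PSChildName
        $userDll = Get-InprocServerDll $key.Name
        if (-not $userDll) { continue }

        # A CLSID that also exists under HKLM is the interesting case: HKCU is consulted first.
        $machineDll = $null
        foreach ($root in $machineRoots) {
            if (Test-Path -LiteralPath "Registry::$root\$clsid") {
                $machineDll = Get-InprocServerDll "$root\$clsid"
                break
            }
        }

        $sig = Get-AuthenticodeSignature -FilePath $userDll
        [pscustomobject]@{
            CLSID         = $clsid
            UserDll       = $userDll
            MachineDll    = $machineDll
            ShadowsHKLM   = [bool]$machineDll
            InUserProfile = $userDll -like "$env:USERPROFILE\*"
            SigStatus     = if ($sig) { $sig.Status.ToString() } else { 'Unknown' }
        }
    }
}

Get-ComHijackCandidates |
    Where-Object { $_.ShadowsHKLM -or $_.InUserProfile -or $_.SigStatus -ne 'Valid' } |
    Sort-Object ShadowsHKLM -Descending |
    Format-Table -AutoSize
```

Per-user COM registration is also how legitimate per-user application installs work, so treat the output as a triage list rather than a verdict: a DLL under the user profile, a missing or invalid signature, or a CLSID that a commonly running host process is known to load are what make an entry worth pulling. LocalServer32, TreatAs and ProgID redirections are other places the same hijack can be registered; this check does not cover them.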

Target: SEMgrPS/SEMgrPS.dll
Size: 40KB
MD5: 76e12d39f82567db28b132e245d9e3ce
SHA1: 53cbd54614b8e21e78096d32ddebf0771b359c37
SHA256: 5edd09d2a2e2e03ac2fa7db4c7b9f4ee300c696534788dbedaf9cee617a97ab1
SHA512: 62de3ef3caf4997e0f1b02f5805a5da757c7506dcf5e6f93ed9870b6a53858dd24f588700dc2e6cd1d524291fb0fe1968169a52c53e9253244f7ebd633b89f4a
SSDEEP: 384:tASguFmJEqu2MZ3RDil1jt9exCUF9n10jaTANQ+1Lxdprb4Y75WRkWmmca9pa:KK9JbyFUF910GANQ+1pgYg
Score: 1/10

Target: SEMgrPS/SensorsApi.dll
Size: 407KB
MD5: e5d1e8fbabdbe5c74777d0ac4c426506
SHA1: bba47a9e25b32320cd1936423dbf926864bf90fd
SHA256: 349eced0b6eeb7d3ace7259a93d30ebc2823b128be409a87a712709af9bb140c
SHA512: 3a0f2ba991de7c3fe7af13bdf0c3edb0c847185f51731dfe28bfbe6eeaa3e0ce5346af833b950f39a46bd4d021ede71224a90592519af6d1667a8ef064c02fdc
SSDEEP: 6144:xzEG0WxoKAQTrfBvjF8VcYGNfelNz2TgYlQhgppm739UL20KcG8ZKXvSCoV:xzEGTW3Q3FZ8ONo2TnlJppmznmK
Score: 1/10

Target: SEMgrPS/netprofmsvc.dll
Size: 982KB
MD5: 279099d020eef78ea58acfb29e9c7bce
SHA1: ad5d6f9b8852aa6d67972c426f0b17c83adf5142
SHA256: 45901d087e5c6f36734b2c15a6a89bc699e0b7c78dc64cdc158a0fa9bc2426b8
SHA512: 660d99d474d40aa7c74da97ac620f4ad1ff16c00513bcc4ecc892d66395247bf99ff6a2d658930a6eb81563b98c6243c1b306fe449538b359fa232c9de35b32f
SSDEEP: 24576:hYn3DqOlLb1rdnArqhE38N7k8V4buY5AvGubu:hKthrdaq+R82buY5AvGub
Score: 1/10

Target: SEMgrPS/wcimage.dll
Size: 133KB
MD5: 15f2604eea46c00e3b11c50ae6fad557
SHA1: c498e3c70d008f7ab7dee2326bc4c7106070e58b
SHA256: 39562e3973e08f78a4289b0120dd411c8e02afe40544ebc75515ddcf0673ccd2
SHA512: f921965e5b2f32a69e29d2e0b1acd6cf0720cf59cb9035d89db6ce9d6486ad83eb5c3eb5b7073767a8cea501859e2a9579d1705406b551098f3dee8d96b65f7b
SSDEEP: 3072:uQc03QjzlDpfC3+uDQGQAOzu2IpdOcLpy:uQTqDp63px5fL
Score: 1/10

Target: dsreg/dcntel.dll
Size: 768KB
MD5: 34a0c0ceee88cc435a273253cac4ec07
SHA1: bf66c56aecbf52d26435ae2c85129a909dc6a8a7
SHA256: 86eabe6da51fcf15428fd945492e27075721e3d857c987fe1a830a0f6f7dd4c6
SHA512: 2f5d69938cfedcf5b3c5edabf181f3cdb9525e1604ec5ed262407217ad8c18dcd6e649d5ade95c9535809527a5a0c83de6f2cf9859b4dbb7047d2e86d502e1e9
SSDEEP: 24576:LHo2SKj92XYJWOKMs8cPbM1TjRQX1cs2vbF:Lr3yM1s2vbF
Score: 1/10

Target: dsreg/dsound.dll
Size: 601KB
MD5: e6a43513ff267eaf7a112f94a403a5a5
SHA1: 83f7c1ab98eac5164c9ea1ef6f78a84e55d1bc35
SHA256: 7e7d1d2e2dca3d228a4a1c6a33885096cc884281a69963670851aa51cf093d1c
SHA512: b5b6e594e812eb59e356c145fee898437310f7f8eb3b3ae29dcce7c69b031f81bb6689f0b69d32a092c98dafaaa26dee4c75af6cbb6b04102829a9f1e21104a5
SSDEEP: 12288:cyoaj7w9oRy7KL+J0vam7sKNpx15sW/azNQNkplGc:cyoaj7ZRyEvaQ/2CmX
Score: 1/10

Target: dsreg/dsreg.dll
Size: 1.3MB
MD5: 5b6c5c26411cd43954f844d4fb4c7052
SHA1: 25ae08d1ba263dc838032e0167c90a2fb99dec67
SHA256: c07f170f5e59e35778067b9681c7fe31c0155a031e699777857cf034c9bcdda8
SHA512: 813e13e5cd9553dca3dacd1d0d4c1d33370cf50ed3b8c7e335e0d08a3dd5b4a1e4897b1efbc94f83aa6657b17fe9a435ff24e72afea65ed94145cdd0197f049a
SSDEEP: 24576:YRVIRLu0lcAE/VOJg85uTtsGxOOfaJJ3ASAVZOxgAR6sFcp8qdtyuPW0iEpbL7eC:YRVT0TUOq85uTtJx9WdUSGeKQlW6ix
Score: 1/10

Target: dsreg/sensrsvc.dll
Size: 177KB
MD5: 0bcffad6f3b180dd60c941b01768f733
SHA1: 38208d521a1b1d93bd278d44f3cf86243e5a6081
SHA256: a0b73c1bf636f14504b69606999287b6fe148c958a4f6e31e9022ff129a048e0
SHA512: 1cc351de4ce989a3a760fd9289fa265da4fb6b4b6dec037757c971698637ea46ffa5aae2a6e7b27774d79faa459fcf8d6fa80fade18f7437bd490b4058573627
SSDEEP: 3072:7DVv4LAk756j4WlWM+ks7VKqTbykTXqIFWMcgiurms+alt:F4LAKVWgM+EqykTXncur5
Score: 1/10

Target: netprofm/TapiSysprep.dll
Size: 13KB
MD5: 960f26b09aa9002e0e1fb05a0f10f78c
SHA1: c578efa3870517ef5d7994081331a084bada01a1
SHA256: dea8d882f6492786d680ae5d94f6f107b072aed8e6ca4f968725d9752cd12d60
SHA512: 7c1af5de3e8f1b60e02188720943d3da0de71de030d3e648b9dfc10b871fe13c73c41225556839ff4bcbff53adf71aa5cfd69fdae0a892cbbc3599cc0518f7d6
SSDEEP: 192:/VWqpdfXRVpTkTdCk3gpKghDk8aFl0HvWOopbW:/VJpdfuTfgpqpYvWOabW
Score: 1/10

Target: netprofm/netprofm.dll
Size: 225KB
MD5: 77f52e2dd1dc997e6c533748d9f095f4
SHA1: 39d72d89d0e88a5ff718dc318b391c258fd53509
SHA256: 7fb531ef8583d7942efcf16d586b17e1424b548a2894ac0b6541291b38e250ce
SHA512: 00fd5dc4a1d5d5f2bb39387cc26732fb3c370fc211887ea5df76636229c3be1d2baa46f30b732d5ea70da3e1821e4407a019437cc22bb87fac7766f2601e6b31
SSDEEP: 3072:5pZaAxmzQ6U7RLmruZ8qBhrzZ4eXYWtQyE7D9Wr02kqvXkTtcbz0Z7:rpIzQXLCuZ8qBhCUPlXkTt4Q
Score: 1/10

Target: netprofm/rpcnsh.dll
Size: 33KB
MD5: c5adbe46703a1db31a0c6ab7245f2da6
SHA1: 4cc8c03ed4b9ffc2566815954771f782b922b651
SHA256: bff0b93f9071a867d514d6de196e1368f655bcf54d4fc1623ee043cdb1cdbd77
SHA512: d73821a2dca2c2f3dbef5939053d00cd89f34b437e82f0077395c8b22ac297980514241c1b5c321c2765c0aaa5c12bd0ec6460a55bc6426d2064b6f147aea085
SSDEEP: 384:gJDA9T8UqV2bojUJvlPmMka1+02C6BkZNAM9xUFt2QiVbzBxBH/5eauCVvT0n1rg:L8U9FwE1+00BuPA45t1xZl9VvghJa
Score: 1/10

Target: netprofm/socialapis.dll
Size: 142KB
MD5: d2c1d58bf9c0240e742e10969839ef53
SHA1: f67e87b2e53c712ecfb0472a2c6ee6234f1f828a
SHA256: 387008f345ca655f9380a3e2e0ec1929a08a9bb8b452532ad2924173c5c24f2f
SHA512: eae61aa14836498ef3d7de5c824ad4a4de1557d077a371242a6d1a7b12a53880d3e2e6159a3f6f8bda1ad1b069d9768c9780b92a28fcf51403aee5839fcf1b25
SSDEEP: 1536:6zZVvrXuv37p7cz3rEe5upcWmoBGOa2XXE19Mh/INEUSMWI0+EYBWUu7yd853RDZ:6HkWT0JTGOa2XXE192IVr100eyW5RDZ
Score: 1/10

Target: pcwum/AppxSip.dll (same file as AppxSip/AppxSip.dll: all hashes identical)
Size: 268KB
MD5: 577dbb84e03e995d507840258c52913f
SHA1: cb1d426d26a3e966d29a6a28f94ed5273c21d759
SHA256: c8ed0608c107745d56fcdf34cac855602c65dc1a612c173f4057cbd30fbf2058
SHA512: 90263941720d4498cfe588ecc7c713f04ce2431722b918859c555041be1823ace5163306c3e273e92fde0d472b3bb494acc37b26982a269116b64ed13aa396cf
SSDEEP: 6144:cTXUiOy2C35UKI+EqJNLo/AKjJIcLIT9mAD:cTkFy2aI+FLSHjJIcsR
Score: 8/10
Signatures:
- Manipulates Digital Signatures: Attackers can alter the Authenticode and Cryptography registry keys (for example the SIP and trust-provider registrations that signature verification loads) so that their own binary is reported as validly signed.
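Both AppxSip.dll entries on this page (AppxSip/AppxSip.dll and pcwum/AppxSip.dll, the same file by hash) trigger this signature. The following PowerShell audit, added here as an example rather than taken from the report or the sample, enumerates the Subject Interface Package (CryptSIPDll*) and trust-provider (FinalPolicy) registrations that Authenticode verification loads, and flags any registered DLL that lives outside %SystemRoot%, is missing, or is not validly Microsoft-signed. The registry paths and value names are the documented Windows ones (T1553.003); the function names are this example's own.

```powershell
# Added example, not part of the report: audit the SIP and trust-provider registrations
# that Authenticode verification depends on. Hijacking these keys is what the
# "Manipulates Digital Signatures" signature describes. Run in an elevated shell.
$ErrorActionPreference = 'SilentlyContinue'

$sipRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0'
)
$sipFunctions = @('CryptSIPDllGetSignedDataMsg', 'CryptSIPDllVerifyIndirectData', 'CryptSIPDllPutSignedDataMsg')
$trustRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy'
)

function Resolve-RegisteredDll {
    # Values are either a bare file name (loaded from the system directory) or a path.
    param([string]$Dll, [switch]$Wow64)
    $expanded = [Environment]::ExpandEnvironmentVariables($Dll)
    if ([IO.Path]::IsPathRooted($expanded)) { return $expanded }
    $sysDir = if ($Wow64) { 'SysWOW64' } else { 'System32' }
    return Join-Path $env:SystemRoot "$sysDir\$expanded"
}

function Test-RegisteredDll {
    param([string]$Kind, [string]$Guid, [string]$Dll, [string]$Function, [switch]$Wow64)
    $path   = Resolve-RegisteredDll -Dll $Dll -Wow64:$Wow64
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Kind      = $Kind
        Guid      = $Guid
        Dll       = $Dll
        Function  = $Function
        Resolved  = $path
        Exists    = Test-Path -LiteralPath $path
        InWindows = $path -like "$env:SystemRoot\*"
        SigStatus = if ($sig) { $sig.Status.ToString() } else { 'Unknown' }
        Microsoft = $signer -like '*O=Microsoft Corporation*'
    }
}

$results = @()
foreach ($root in $sipRoots) {
    $wow = $root -like '*WOW6432Node*'
    foreach ($fn in $sipFunctions) {
        $base = Join-Path $root $fn
        if (-not (Test-Path -LiteralPath $base)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $base) {
            # Each {GUID} subkey carries the values "Dll" and "FuncName".
            $v = Get-ItemProperty -LiteralPath $key.PSPath
            $results += Test-RegisteredDll -Kind $fn -Guid $key.PSChildName -Dll $v.Dll -Function $v.FuncName -Wow64:$wow
        }
    }
}
foreach ($root in $trustRoots) {
    $wow = $root -like '*WOW6432Node*'
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        # Trust-provider values are literally named "$DLL" and "$Function".
        $v = Get-ItemProperty -LiteralPath $key.PSPath
        $results += Test-RegisteredDll -Kind 'TrustFinalPolicy' -Guid $key.PSChildName -Dll $v.'$DLL' -Function $v.'$Function' -Wow64:$wow
    }
}

# Anything loaded from outside %SystemRoot%, missing, unsigned, or not Microsoft-signed is suspect.
$suspect = $results | Where-Object { -not $_.Exists -or -not $_.InWindows -or $_.SigStatus -ne 'Valid' -or -not $_.Microsoft }
if ($suspect) { $suspect | Format-Table -AutoSize } else { 'No anomalous SIP or trust-provider registrations found.' }
```

Get-AuthenticodeSignature itself goes through WinVerifyTrust, which consults these very keys, so on a host where they have already been hijacked the SigStatus column can lie; the Resolved path, the signer subject and a diff of these keys against a known-good export from a clean build of the same Windows version are the signals to trust. Third-party SIPs (for example from code-signing or installer tooling) will also show up as non-Microsoft and need to be whitelisted by hand.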

Target: pcwum/asferror.dll
Size: 2KB
MD5: 095f83f3a59c1fe3f0fe09b83fcb61bb
SHA1: 53150630afd41a9f79a6c8ad283d26da7901d502
SHA256: f19af37f7a6df8bf1d1d75ad7207f2398facf275230a158c0ed16431b7d95e09
SHA512: 7dcdb173f8f3e201ed5070f4802d44d70e580fd2cb60a9a74e8de005b86ab3b3204e9a3221ebbe64892d02232aab884fd5bba89af02cbc49f11fa77f4ef019c9
Score: 1/10

Target: pcwum/pcwum.dll
Size: 22KB
MD5: 642d98f94f04a764b0fd6ed931ff6bb3
SHA1: 8ae640ca0f07db4c23c3e07b12270337a921e33f
SHA256: e72268a93a94b68b749c146d02918635440ff8440c64bd939d9fc5f9a62e0a36
SHA512: ee9afb4504ffb47637960c450cef71c63e5b2de47aae1263230de3eb1f8604b47eccbde958261ffe014a564749816a1e7d72672ac3256e0693df49b6c97b2e94
SSDEEP: 384:pWYGKlPRPSxncPF3WZ1WNhKvpdm15hRYD1IDBRJtZifl/zdi/iy:r7PRPSxBx48I1P21y
Score: 1/10

Target: pcwum/pdhui.dll
Size: 61KB
MD5: 2b0e1517dbb0e067d82fe2d47c372a8e
SHA1: 67a80548f78cab22cf81b93f3181d689c44b26e3
SHA256: 6cb757959ab8200999ae91a0ccab15967fa1ed101c90de195e26397b6ef6c070
SHA512: 576b9b8d47736939ca99adbb831758addc55e85d875f5ddfd8a5e633f58f5786b00a020f0017582e3545f110a6b730d1025685cfeec024aa837efe8f8caf48c5
SSDEEP: 1536:7rLxh5fUGpp05BqxFGRqg8qAAjGJIBF+qU2:7r7pUGp058xNN4jGJIBF+qz
Score: 1/10

Target: setup.msi
Size: 25.2MB
MD5: 97fe02652a163aa97ecede3d2c89aab6
SHA1: 927aba81a9f802c73ce0806ce0afc9cd914f879f
SHA256: 64b93fbe2402bcdec46248a164485e12e2800df091a5708fe8741cf446105036
SHA512: 3dd59ceabd2c4b07c9a4d0561ceea16bc1a52cd91ccaf852597fe63726c617c40c0433b2710035b9c3467d156ace859978d138f71f01087c92033b9c0b5391d8
SSDEEP: 393216:F+wLUMdp4/HgS9q/FmxTgWHx9N4b9jR+7NE1nX7nyRs9cRfxn8XGQUigBJ:F+5MdEHbgFmxsWR9Ni9N+RE1XC82Qi
Signatures:
- Rhadamanthys: Rhadamanthys is an information stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess (a process created with a parent other than the caller, i.e. parent PID spoofing)
- Blocklisted process makes network request
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext (commonly used to redirect execution in an injected or hollowed process)

MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Event Triggered Execution (2): Component Object Model Hijacking (1), Installer Packages (1)
Privilege Escalation:
- Event Triggered Execution (2): Component Object Model Hijacking (1), Installer Packages (1)