General
Target: MicrosoftToolkit.exe
Size: 317.1MB
Sample: 240624-km3gpstdkh
MD5: d3086e8a000add3d507a72d464e82e4b
SHA1: 16de80b98ac8cbb17863662fa1d02b6cd3151628
SHA256: 2a9b1c1f730c4146ff4356e3c5b6329ff5ea6f022d51146b61df8d276afd90df
SHA512: 6ed6edd5bc1604bdaecbb2b2181bdc5820d53d90477f47980aa14bbc1c081c0e178b524bb972e13df6fa134403d7ff3ac6fd6772857c32f69f7dd0efef0a839e
SSDEEP: 196608:WXnfk307gaHtQJhl4b9m/yNhnrH1PY0Zh4e:WXn830cI+lr/yNhnrVPzh
Static task: static1
Behavioral task: behavioral1
  Sample: MicrosoftToolkit.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: MicrosoftToolkit.exe
  Resource: win10-20240404-en
Behavioral task: behavioral3
  Sample: MicrosoftToolkit.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
- Possible privilege escalation attempt
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger