General

  • Target

    SketchUp.Pro.v23.1.340.exe

  • Size

    175.5MB

  • Sample

    240630-c5wg4ssfkd

  • MD5

    cb8399ff8c656697cf226ac5797c6826

  • SHA1

    4eddcdf972e0b376ee40d511b5f6c08b387927fc

  • SHA256

    e5e01118ce44b280872170d116ad73df5861230e37b4430c2a8d5d4c5a24a3f8

  • SHA512

    546a4d8a0b71fac177704bd7c10be5741190ed524b40f7f7567e40312820234725211e77b3c575e84c92957b267060b06810f58d270ed63fedd3eea3f25a4635

  • SSDEEP

    3145728:Q2fgcm71h+rsRJ3/ePTiFzDiP9P4567vyoOSMUmP3gZFWZz+ThlgyHlFm6xy8ND:1f67iOwLi9SJ4567vyjUSqW5oqyH7g8Z

Targets

    • Target

      SketchUp.Pro.v23.1.340.exe

    • Renames multiple (91) files with added filename extension

      Consistent with ransomware encrypting files and appending an extension to each. An installer that backs up files before replacing them can trip the same signature, so confirm against the renamed paths and the extension used before treating it as encryption.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence: malware commonly refuses to run when the configured country is on an exclusion list.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. Per-user CLSID entries take precedence over the machine-wide ones, so a CLSID registered under HKCU that points at a dropped DLL is the entry to look for.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root directory of drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. Destructive writes to the same sector render the disk unbootable, so the MBR of an affected host should be compared against a known-good copy either way.

    • Drops file in System32 directory
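
As an added example (not part of the sandbox report), the following Python re-implements the behavioural signatures listed above and runs them over a constructed event stream. The event format, the paths, the ".locked" extension and the CLSID are assumptions made for illustration, not data taken from the sample.

```python
"""Added example, not part of the sandbox report: a small re-implementation of
the behavioural signatures listed above, run over a constructed event stream.
The event format, the paths, the ".locked" extension and the CLSID below are
assumptions made for illustration, not data taken from the sample."""
import re

# Constructed sandbox-style events as (event_type, fields). Every path is invented.
EVENTS = [
    # Geo\Nation holds the country code the user configured: the geofence lookup.
    ("reg_query", {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    ("file_write", {"path": r"C:\Users\Public\Libraries\helper.dll", "offset": 0}),
    # Hypothetical CLSID. A per-user InprocServer32 under HKCU shadows the
    # machine-wide HKLM entry, so the dropped DLL loads whenever the COM object
    # is instantiated: that is the COM hijack mechanism.
    ("reg_set", {"key": r"HKCU\Software\Classes\CLSID\{DEADBEEF-0000-4000-8000-000000000001}\InprocServer32",
                 "data": r"C:\Users\Public\Libraries\helper.dll"}),
    ("file_write", {"path": r"C:\Users\Public\Libraries\updater.exe", "offset": 0}),
    ("process_create", {"image": r"C:\Users\Public\Libraries\updater.exe"}),
    ("image_load", {"image": r"C:\Users\Public\Libraries\helper.dll"}),
    ("file_query", {"path": "D:\\"}),
    ("file_query", {"path": "E:\\"}),
    # A raw write to the physical disk at offset 0 lands in the MBR (first 512 bytes).
    ("file_write", {"path": r"\\.\PhysicalDrive0", "offset": 0}),
    ("file_write", {"path": r"C:\Windows\System32\drivers\svc.sys", "offset": 0}),
]
# 91 renames that append an extension, the count the report gives above.
EVENTS += [
    ("file_rename", {"old": rf"C:\Users\victim\Documents\file{i}.docx",
                     "new": rf"C:\Users\victim\Documents\file{i}.docx.locked"})
    for i in range(91)
]


def dropped_files(events):
    """Paths the sample wrote; used to tie later executions and loads to drops."""
    return {f["path"].lower() for t, f in events if t == "file_write"}


def renames_with_added_extension(events):
    """Count renames where the new name is the old name plus one more extension."""
    count = 0
    for t, f in events:
        if t == "file_rename":
            old, new = f["old"].lower(), f["new"].lower()
            if new.startswith(old + ".") and "\\" not in new[len(old):]:
                count += 1
    return count


def checks_computer_location(events):
    return any(t == "reg_query" and f["key"].lower().endswith(r"international\geo")
               and f["value"].lower() == "nation" for t, f in events)


COM_SERVER_KEY = re.compile(
    r"^hkcu\\software\\classes\\clsid\\\{[0-9a-f-]+\}\\(inprocserver32|localserver32)$")


def com_hijack_targets(events):
    """Binaries registered as COM servers under the per-user CLSID hive."""
    return [f["data"] for t, f in events
            if t == "reg_set" and COM_SERVER_KEY.match(f["key"].lower())]


def executes_dropped_exe(events):
    dropped = dropped_files(events)
    return any(t == "process_create" and f["image"].lower() in dropped for t, f in events)


def loads_dropped_dll(events):
    dropped = dropped_files(events)
    return any(t == "image_load" and f["image"].lower() in dropped for t, f in events)


def enumerated_drives(events):
    """Drive letters other than C: whose root directory was queried."""
    return sorted({f["path"][0].upper() for t, f in events
                   if t == "file_query" and re.fullmatch(r"[A-Za-z]:\\", f["path"])
                   and f["path"][0].upper() != "C"})


def writes_mbr(events):
    # The MBR is the first 512-byte sector of the disk.
    return any(t == "file_write" and f["path"].lower() == r"\\.\physicaldrive0"
               and f["offset"] < 512 for t, f in events)


def system32_drops(events):
    return [f["path"] for t, f in events
            if t == "file_write" and f["path"].lower().startswith("c:\\windows\\system32\\")]


def run_signatures(events):
    return {
        "renames_with_added_extension": renames_with_added_extension(events),
        "checks_computer_location": checks_computer_location(events),
        "com_hijack_targets": com_hijack_targets(events),
        "executes_dropped_exe": executes_dropped_exe(events),
        "loads_dropped_dll": loads_dropped_dll(events),
        "enumerated_drives": enumerated_drives(events),
        "writes_mbr": writes_mbr(events),
        "system32_drops": system32_drops(events),
    }


if __name__ == "__main__":
    for name, result in run_signatures(EVENTS).items():
        print(f"{name:30} {result}")
```

The rename check deliberately requires the new name to be the old name plus a single trailing extension, which is what separates "added filename extension" from an ordinary move; the COM check matches only InprocServer32 and LocalServer32 under HKCU, because those are the values that redirect object creation to a binary.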

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                            Count  ID
  Persistence           Event Triggered Execution            1      T1546
                          Component Object Model Hijacking   1      T1546.015
                        Pre-OS Boot                          1      T1542
                          Bootkit                            1      T1542.003
  Privilege Escalation  Event Triggered Execution            1      T1546
                          Component Object Model Hijacking   1      T1546.015
  Defense Evasion       Pre-OS Boot                          1      T1542
                          Bootkit                            1      T1542.003
                        Modify Registry                      2      T1112
                        Subvert Trust Controls               1      T1553
                          Install Root Certificate           1      T1553.004
  Discovery             Query Registry                       2      T1012
                        System Information Discovery         3      T1082
                        Peripheral Device Discovery          1      T1120

Install Root Certificate (T1553.004) appears in the matrix but has no matching signature description in the Targets list above; check the report's registry events for writes under SystemCertificates\Root before treating it as confirmed.
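
The Bootkit entry (T1542.003) and the "Writes to the Master Boot Record" signature both call for the same follow-up on an affected host: compare its first sector against a known-good copy. The Python below is an added example, not part of the sandbox report, that parses a 512-byte MBR and reports what changed; both MBR images in it are constructed for the example.

```python
"""Added example, not part of the sandbox report: parse a 512-byte Master Boot
Record and compare its bootstrap code and partition table against a baseline.
The two MBR images built below are constructed for the example."""
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_SIZE = 446            # bytes 0..445: bootstrap code (and disk signature)
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
ENTRY_FORMAT = "<B3sB3sII"     # boot flag, CHS start, type, CHS end, LBA start, sectors


def parse_partition_entry(entry):
    boot, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(ENTRY_FORMAT, entry)
    return {"bootable": boot == 0x80, "type": ptype, "lba_start": lba_start, "sectors": sectors}


def parse_mbr(data):
    """Split an MBR into a bootstrap-code hash, the used partition entries and the
    validity of the 0x55AA boot signature."""
    if len(data) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = [parse_partition_entry(data[PARTITION_TABLE_OFFSET + 16 * i:
                                          PARTITION_TABLE_OFFSET + 16 * (i + 1)])
               for i in range(4)]
    return {
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
        "bootcode_sha256": hashlib.sha256(data[:BOOTCODE_SIZE]).hexdigest(),
        "partitions": [e for e in entries if e["type"] != 0],
    }


def compare_mbr(baseline, suspect):
    """Return a list of findings describing how the suspect MBR differs from the baseline."""
    findings = []
    b, s = parse_mbr(baseline), parse_mbr(suspect)
    if not s["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if b["bootcode_sha256"] != s["bootcode_sha256"]:
        findings.append("bootstrap code differs from baseline: possible bootkit")
    if b["partitions"] != s["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def build_mbr(bootcode, partitions):
    """Assemble a 512-byte MBR from bootstrap code and up to four partition tuples
    (bootable, type, lba_start, sectors); CHS fields are zeroed for the example."""
    table = b"".join(struct.pack(ENTRY_FORMAT, 0x80 if bootable else 0, b"\0\0\0",
                                 ptype, b"\0\0\0", lba, n)
                     for bootable, ptype, lba, n in partitions)
    return bootcode.ljust(BOOTCODE_SIZE, b"\0") + table.ljust(64, b"\0") + BOOT_SIGNATURE


# Constructed stand-in for a stock loader: xor ax,ax / mov ss,ax / mov sp,0x7c00.
CLEAN_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, [(True, 0x07, 2048, 204800)])
# Bootkit-style tampering: the partition table is preserved so the system still
# boots, but the bootstrap code is replaced with the attacker's loader.
HIJACKED_MBR = build_mbr(b"\xeb\x3c\x90" + b"\x90" * 16, [(True, 0x07, 2048, 204800)])


if __name__ == "__main__":
    print("clean vs clean:   ", compare_mbr(CLEAN_MBR, CLEAN_MBR))
    print("clean vs hijacked:", compare_mbr(CLEAN_MBR, HIJACKED_MBR))
```

On a real host the suspect sector comes from reading the first 512 bytes of the raw disk (on Windows, opening \\.\PhysicalDrive0 read-only with administrative rights; on Linux, the block device such as /dev/sda), and the baseline from a sector image taken before the incident or from an identical clean build. A bootstrap-code mismatch with an intact partition table is the pattern to expect from a bootkit, since it needs the machine to keep booting; a missing 0x55AA signature or a changed table points at a destructive write instead.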

Tasks