General
-
Target
Essential Mod Installer.exe
-
Size
9.4MB
-
Sample
240630-vjeata1cmc
-
MD5
56a56b1d2ff754722fb0c95d55683e62
-
SHA1
e1dfdb5654d8e98a43a6d385cb5dc5a2b317865f
-
SHA256
07721b32b333bb894f484314cd56348cf973bd2f4a7ab91235d0a9bcfd6bcd16
-
SHA512
0e48d5cb94dce5a8130b6b5e4f2d728be2e73b5bbcf58ca64adf8ce068530b072a8859cf744cabb69113f12547198fa170f81798e14ac083efb1732ca65a8799
-
SSDEEP
98304:NTNrr65GwiQ8f28SpIxu80VbTmiXUd1hex0X4eSCHz3k2Ny:9tf2Ty1hcSPNy
Static task
static1
Behavioral task
behavioral1
Sample
Essential Mod Installer.exe
Resource
win10v2004-20240508-es
Malware Config
Targets
-
-
Target
Essential Mod Installer.exe
-
Size
9.4MB
-
MD5
56a56b1d2ff754722fb0c95d55683e62
-
SHA1
e1dfdb5654d8e98a43a6d385cb5dc5a2b317865f
-
SHA256
07721b32b333bb894f484314cd56348cf973bd2f4a7ab91235d0a9bcfd6bcd16
-
SHA512
0e48d5cb94dce5a8130b6b5e4f2d728be2e73b5bbcf58ca64adf8ce068530b072a8859cf744cabb69113f12547198fa170f81798e14ac083efb1732ca65a8799
-
SSDEEP
98304:NTNrr65GwiQ8f28SpIxu80VbTmiXUd1hex0X4eSCHz3k2Ny:9tf2Ty1hcSPNy
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Active Setup
1Event Triggered Execution
2Image File Execution Options Injection
1Component Object Model Hijacking
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Active Setup
1Event Triggered Execution
2Image File Execution Options Injection
1Component Object Model Hijacking
1