2b6affc9be01a4b1197a44ec4506fca3f6fa06d19a0c23654547ebb56ea783bc | Triage

Sharing

General

Target

b8b63a9681b393621958a6acf063927f.bin
Size

44.8MB
Sample

240701-dptt1sxgmp
MD5

b8b63a9681b393621958a6acf063927f
SHA1

af1d751a67ab36fbba7e9a5c5d127b99d1e13af9
SHA256

2b6affc9be01a4b1197a44ec4506fca3f6fa06d19a0c23654547ebb56ea783bc
SHA512

ad43a6fdfc9b5f64a175ea3b1d669aa409627905b7a5dea6f4d8a90b51311f825609c922be7b0d94984e8df69b0b17eba245c9020eba5d86121842498835f304
SSDEEP

786432:zU/xdQQDG+8Nf0Ah0MTYcyHV3I9dXrTnHriLb0BVH2h9TVbn5pEvf9uyil1IY2Nv:YZdvDG+wF2HyfnWEDH2zp5pEvSMwSZ9

Score

10^/10

execution macro xlm

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://github.com/wixtoolset/wix3/releases/download/wix314rtm/wix314.exe

exe.dropper

https://github.com/wixtoolset/wix3/releases/download/wix314rtm/wix314-binaries.zip

Targets

- Target
  
  PowerToys-0.79.0/.pipelines/applyXamlStyling.ps1
- Size
  
  3KB
- MD5
  
  40ca3ad8d173bccd265c3564a0ee2102
- SHA1
  
  00fbc7c33b250b571e761f0820accb0327a5765e
- SHA256
  
  24172b55f48ef37cace29cb928af4a3d38e2a00e2bc9fdf095f7a9dd3d21a7e8
- SHA512
  
  2bfedfc0f6a46984ec16fd3cf2e0c2ffd81070d0cb698a64176723020bfc14a5dfff460fc30362147a195b5f3b41b9dc05427410de4345b5c41a5b705584d9a7
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  PowerToys-0.79.0/.pipelines/installWiX.ps1
- Size
  
  1KB
- MD5
  
  1c6a724d851d6564b11e1e5622ff9f20
- SHA1
  
  89fc514f1c99f9b82699ddbc1bd01ef8f996094e
- SHA256
  
  c9c90b57a2e22ae1633cafdaafc3ba2544519982873462874718ad1c1a530a9a
- SHA512
  
  60d8603e109a606b0c3cbf1bed386d790b1a42fa61eebe3b50420111fe90476c07d625032ee5c8ff82c6df47b671f6fed7657cba87a9a6659552e3dbcd4c9583
Score

8^/10

execution macro xlm
- Blocklisted process makes network request
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
behavioral3 behavioral4
- Target
  
  PowerToys-0.79.0/.pipelines/release.yml
- Size
  
  18KB
- MD5
  
  c4e1f3ee83ec76efc5d64995fab2da1a
- SHA1
  
  e308423eb6ed11d3118955a60475466af2a70330
- SHA256
  
  8c71c1ad9af5dd2f8dc2f3a6a910b026a8bf7c9dfe95f206a8df6b095e702944
- SHA512
  
  9c3c17c3cf6eb293a6027b4796c3938afb5251a2f5c3c5b3d2e0e29c721d01c77028983e728c868ba42b3e4d25075ad267cd86d3238d23e5816fa6d1edb95a26
- SSDEEP
  
  384:dHG4nkj/WZmOrefOo5HrFy48BXjNR+8cRB2scZ:9RkaU98BXxR+8J
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  PowerToys-0.79.0/.pipelines/verifyAndSetLatestVCToolsVersion.ps1
- Size
  
  515B
- MD5
  
  2ce19756ebdf54ccfed769f2546a379f
- SHA1
  
  accfadf6e59dd9f8ac9855fb790e2647d5ae4840
- SHA256
  
  c1241ae3aba07beb3793b699a348ad3c2525cb321814401cbae8381a3530ba7b
- SHA512
  
  f693412cce20707ecf49edbb7ae952b9246ce179f50c3f98c2c105a84573237555ec79b247c62a36c93a2b9a5809c9d5e86783f913b3b34470b5fda21ffa29db
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  PowerToys-0.79.0/.pipelines/verifyArm64Configuration.ps1
- Size
  
  2KB
- MD5
  
  9cb55346d48cdd1f9ab943986f89fdf6
- SHA1
  
  e11b388b6d4fdb05434f7718757c4118a91dda9b
- SHA256
  
  e9f3d0a89a9bbaf1de80bbff676a02d672ea77144d41a15391553933b93719b5
- SHA512
  
  7d82490aef6340774d85900df3f470f52c4421a168e7b73e1f401dcf96579ee30d18bad4b48ede0b675efe8f52ead24948d1c6a22a39526dc5ed6c7507459864
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  PowerToys-0.79.0/.pipelines/verifyDepsJsonLibraryVersions.ps1
- Size
  
  3KB
- MD5
  
  e4604137ce48231350a0412b605c5739
- SHA1
  
  58cb76ab26e92bf38a447662d4d0858810452f88
- SHA256
  
  64bc3630b923fef59d3190d97c7f3e3795dcca7c527a204265c3dc2c0095065a
- SHA512
  
  8a1e060a1769c72b804658c013d6d011802c26bb5fe77a31a873bc5ddfeacc1455179b177a5f1d895059853abfde402b4bc32abdc7b93a384e683319084e69c8
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  PowerToys-0.79.0/.pipelines/verifyNoticeMdAgainstNugetPackages.ps1
- Size
  
  2KB
- MD5
  
  2bae3510b9857b94e6e864e2b373d5a9
- SHA1
  
  eaedda3cdca6adc24ef2c05b54851a1b8cd5de7c
- SHA256
  
  bf3e26eb95e8c47dad2044f01ac66f4d068717dfb351a8598e0eda25ae0eb348
- SHA512
  
  41c358f590702ed3bcdfd39e488e1a475359ae0de5b17c3dfcf1a794e4cba4fa1b33af60a5570df5e3b8f24e396388877af28783b7d6755e17f2797e8efc4b7d
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  PowerToys-0.79.0/.pipelines/verifyNugetPackages.ps1
- Size
  
  338B
- MD5
  
  4ca06b01b0e35477a8cbdffc902fc93b
- SHA1
  
  4a5dfff3df0596c4a42b69be58a81c125c2b5601
- SHA256
  
  6cfeb4f6cc488f66d4ee439ed426d50fd80eec7e0016935c45364aa84fb2d54d
- SHA512
  
  80eb0cda8937af4b3a1d59f11f22d65bddc7ead2fab2928030bf2cd7215ad4cae7729a1b2629d8ded34da8fdcba795aabca90438a978a1ba02ab146da2b49638
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  PowerToys-0.79.0/.pipelines/verifyPossibleAssetConflicts.ps1
- Size
  
  2KB
- MD5
  
  920087de729d85941b31f7802399b79f
- SHA1
  
  1b94ce9b31f9e7c5fab5372030c94fb5560dfa56
- SHA256
  
  1c64648cbf411084b09f84b9deec9aef9a009f1cede4a1dadff22fc10ba6884a
- SHA512
  
  5ba9baf99cbf5c5a02dc4ac622927d6bf106180c369fbfe797ee4c40b3480960de5eae6413fb264f5525921ed8d6a5a62b8c24738d0790cb3156d8367442502f
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  PowerToys-0.79.0/.pipelines/versionAndSignCheck.ps1
- Size
  
  2KB
- MD5
  
  060328ac1086317fa330b2a27268261a
- SHA1
  
  72693bb672998e9058fd477178bdfbc8101c1b42
- SHA256
  
  e2497a7c49b79d84ed839032e5ce524330ce731be36a3d51dbdeba42087dc68c
- SHA512
  
  6867afe37887af08e9e46cea1ececcc3b3960752ae3965c57c8551299e8d77c8e62b552b8608c790f65d00531b7f38060fea570db797ad9cfc616d36508a3c4b
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  PowerToys-0.79.0/.pipelines/versionSetting.ps1
- Size
  
  2KB
- MD5
  
  82eb635859a3cc0624b0d941da1d3dde
- SHA1
  
  ed7b682eb29746d2381eb3c826702944647d0a80
- SHA256
  
  e793eff68ca1bbf7c5206d01f14fc7e5df121850e071d0857e348aad501c4713
- SHA512
  
  ca78f62c7f7d7b11d229b5a45116e917c8cbbfdfcab30f10075d39d71c9d2e25bdd49d0031a425bf8e73bef9fe9daaa9e768a7efc05ab1be91fd538f46b22994
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  PowerToys-0.79.0/doc/devdocs/modules/launcher/plugins/calculator.md
- Size
  
  4KB
- MD5
  
  eb19fb8dea0cab8fa05fd99bdd10764f
- SHA1
  
  c4c705d2eadc82d5ff7d62626557f2cdbd7c6784
- SHA256
  
  fce59d9a95c92bd0fe4dacb3207e4d4222cca6b7f4628e9e63e8cd5e8c014f5c
- SHA512
  
  3b8893fd2dc7aa1a5b7e803c0b2d2d28cdc161ba0775898cedb1382947788dec595b9c70b70d6d7ec53313bc7e74a582178a18cc19388a648f225b01d3b3e391
- SSDEEP
  
  96:N1e9grG/95nYnunsuJ4rudu5RP/PnsLuXugu0buU3u3ouUNuaMfuaCAuduW8u9u+:NzrinYnmsy4rEQxXKKHrb73ao/NJMfJM
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  PowerToys-0.79.0/doc/devdocs/modules/launcher/plugins/onenote.md
- Size
  
  1KB
- MD5
  
  038bc72be54de8df5f2d5decbac93a28
- SHA1
  
  84d151f9841e79ebc69cf23d5767a310955eb7b5
- SHA256
  
  baa18080b76bad8735f35e12525adf6274b92667d55b532ddd37bb6382d3b0aa
- SHA512
  
  ed7f1ae2072b950a05d78376e4a327a5a2d7e518566bb50422c71a318c10df23c370f99af6debed99284ab1e069ba6fb04035ce74db166fc644da7c5f9434dc3
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  PowerToys-0.79.0/doc/devdocs/settingsv2/runner-ipc.md
- Size
  
  2KB
- MD5
  
  9e60689f7994f27388758da572ba650d
- SHA1
  
  322981118133fa9bc3027bd4aa27d73b86ae81d3
- SHA256
  
  023ca834bbbfd55236385ff1f7c7a58c95ea84bbd82a777c5baaaa0d97dc2ed6
- SHA512
  
  4a4a93b98fc1b28f567ddd6d00e8eff16a9f4086f85a151e2dc1c049bf115b6813edbf5c366e4c0343fe1a0c2bcf3d8fc38ee9dc3cea3877209b218cf33fee6c
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  PowerToys-0.79.0/doc/images/icons/PowerToys icon/AI/PowerToys_UWP_Assets.ai
- Size
  
  851KB
- MD5
  
  6378ad8f92bd6d62dfcc75d346835e4a
- SHA1
  
  b133c642676157358506d81053f8e86da32dc81b
- SHA256
  
  9901f9f4d43db1fe2a037943634abaf7e3d3f4912f6b9fde0d0c103b673c41a7
- SHA512
  
  e0c2289a7a20ce4436c2dcef1f6beb234565f6a9a9557ad512120a2d7b98b1e2905b9b6ee1ff79a221815c28b3632d46760cae878755bbb44a46f170b92d82f0
- SSDEEP
  
  12288:4jhY0VLX4rnxTC1MJ55P+Ie/LtZAUfM4eV4lt4CnfggfOFAhTnz0782UQYwuQi2:yY0VExTJVP+Ie0kMMT7uAJz078FBQi2
Score

1^/10
behavioral29 behavioral30
- Target
  
  PowerToys-0.79.0/installer/License.rtf
- Size
  
  1KB
- MD5
  
  5eceaeb4ea528dbba51572161b68e50f
- SHA1
  
  adb89b84c9dab0326b01cbbd65351b7581035fe1
- SHA256
  
  69a9f5edbc4c510e7415fe9c973068ecf4267c0ff985e3635541138bc6014251
- SHA512
  
  a4b5ad62cf0e0729f1bf4c0cf129e46bf4a89837af4d34dfd06b52654caad2d6944f42093ae735b4895b5cd71808cf2aa0768224176d89b7d2eee2441ccd41c9
Score

4^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

executionmacroxlm

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32