Overview

overview

7

Static

static

3

ARSoft.Tools.Net.dll

windows7-x64

1

ARSoft.Tools.Net.dll

windows10-2004-x64

1

Autofac.dll

windows7-x64

1

Autofac.dll

windows10-2004-x64

1

GalaSoft.M...rm.dll

windows7-x64

1

GalaSoft.M...rm.dll

windows10-2004-x64

1

GalaSoft.M...ht.dll

windows7-x64

1

GalaSoft.M...ht.dll

windows10-2004-x64

1

JudgeLZT.exe

windows7-x64

3

JudgeLZT.exe

windows10-2004-x64

5

TapInstaller.dll

windows7-x64

1

TapInstaller.dll

windows10-2004-x64

1

WSearchMigPlugin.dll

windows10-2004-x64

5

WpcMigrati...el.dll

windows10-2004-x64

1

WsUpgrade.dll

windows10-2004-x64

7

Resubmissions

01-07-2024 19:00

240701-xnp9zstfnc 5

01-07-2024 18:54

240701-xkj9kaxflj 4

01-07-2024 18:53

240701-xjrbgstdrf 10

01-07-2024 18:44

240701-xdytdatbqe 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ezyZip.zip

  • Size

    1.0MB

  • Sample

    240701-xdytdatbqe

  • MD5

    78bd0901f4a5a3476c8887c73e730d30

  • SHA1

    3c04901951285ada89943d42eda7020c54e24e84

  • SHA256

    9d0547070e294e4158e6c446fa2295f5ae170f31cc64d677c5261d14caf38ab8

  • SHA512

    383e5fde5928dd91526832934a0ed7e34b502be370407e8f05c6c67a427decc328e44c0ffe6aeb0357f51c7acc751a4f8167e6e043e744186821eaec5e619c07

  • SSDEEP

    24576:DxladE0NO6cWgTzE3+3pLVuLOhkC1xepCJ1FvNJW:DxlWE0NO6cbQ3+dVuG1uM1FVs

Score
7/10
persistenceprivilege_escalation

Malware Config

Targets

    • Target

      ARSoft.Tools.Net.dll

    • Size

      302KB

    • MD5

      452def66509f01d15b43e4c57176d1d8

    • SHA1

      fb3438a1b191fb75c76d22023c3478a585756463

    • SHA256

      f1fe59774bf1fd914aea33459631837569d78e2c1a68d8c544cb498fcdbbef10

    • SHA512

      c5ded39b6f8961bf9e1b77fb07fc41ac321f2e5b9e7a0c4d3a55cf7debb483384b51a8abade6edb9601ea2871cfba65886582cceefcc5010f45c819ec30c625e

    • SSDEEP

      6144:/AUw1rf4dPEliWDLdQCc88UviewobzUY+GsKAZ:qbiy3Zc88UtFfU

    Score
    1/10
    behavioral1behavioral2

    • Target

      Autofac.dll

    • Size

      236KB

    • MD5

      f879f97c67c2d03cd47bb7ab1e6dfd51

    • SHA1

      a65ec6943e9eb3ca7001f7bc310475709a949d08

    • SHA256

      02c445f70273eff02d30055c83e77ce7434dd24f6da485b0231e88b2675795dc

    • SHA512

      882db30f98796339a610ce5e5ddd8ad161e231fdd75c5ebd3e552fbb44a618faa09904b01c7c7dcf5834a350a2170c516838bc5de363a89a3a01bb6e0171970a

    • SSDEEP

      3072:g36EQo/nAmrSwxl6g6o9We/Bwdc2lSG+qR/EWJS6A6g73yRhxgByGP/aw4cQSOhZ:gBclGKpT6zbcZAhdPSVuoxnBDPTS

    Score
    1/10
    behavioral3behavioral4

    • Target

      GalaSoft.MvvmLight.Platform.dll

    • Size

      23KB

    • MD5

      99a0483ce79d57b52b6a1eacd5f86a12

    • SHA1

      443fc60ab490eefea76859cd263fafa15fed26a1

    • SHA256

      16a051d25e5256348affa9f64a0919f69efd860c8fd3c3b28cea0a9fa126cd4f

    • SHA512

      977719f32b0a4bd10f584a0ee82e7c69664a2a75533f1a3c7799eb89bd5d7c98cece830538372fb7e2263f3c99942ada1e90de50e0ba0e59dfacb8ab8e66d20c

    • SSDEEP

      384:2KKUx+mQv787wr/igP39cVT0ojR97dKRSX8iPyZA3gs/bHMQJK2+KatfzNKFKjqI:DKnW3g/oTZjR97dJXTPyA3gs/bk29+Nn

    Score
    1/10
    behavioral5behavioral6

    • Target

      GalaSoft.MvvmLight.dll

    • Size

      50KB

    • MD5

      0fe3d6671024ea3d78aa18dd5adfa613

    • SHA1

      3dfdfa5a20c3ded2908198c85aa04b9dae024441

    • SHA256

      3baba32bdbcd1f2e715724e41ad97878bdb9fb7b7f85dfadc2f98d6cd68932fb

    • SHA512

      84b7a7104ea5cce7c713c6bc2e8c686a684b78fe4949367db6652d285d3d01ebe594070cc993456fac9a21ac2f7a39180ecaf6013d674fce4e42206d0c1c6c55

    • SSDEEP

      768:5nVF+heuJxTH6yaDSpAyYZbT0gJHTCNQYRWCiD5MaIN7UAifpzNJ2Ox/KpEsD+KQ:5VKLY5T0gUNQQiltEifpv2sCWRyIr

    Score
    1/10
    behavioral7behavioral8

    • Target

      JudgeLZT.exe

    • Size

      951KB

    • MD5

      18f16ea3096e479cc7923df5269b25d8

    • SHA1

      c0169fdb70ca980a8ca0baebb2fc3a118fd290c6

    • SHA256

      1c84f3a2fd0a00690b2a2e385d952ec3f7a7c94223fd0e3a80aff510d329d13c

    • SHA512

      5a38cf66a137a51776335f520f8b6a39db025a426b0669088f813979fabfe279c38c19504db233153865c6d0f2f759c61af751465245454498ef006a85a04d36

    • SSDEEP

      24576:vuZIdQCtwQpFZWRmqU573CYz6VJyH+np1Vu1OxkCTK:HwQpFZWRh/A6VJyH+zVueTK

    Score
    5/10

    • Suspicious use of SetThreadContext

    behavioral10behavioral9

    • Target

      TapInstaller.dll

    • Size

      25KB

    • MD5

      9cac1ad2f768d22e4aaae577097df7f3

    • SHA1

      b059d99cdd50c46948bd6e4ac264c2fe53169b22

    • SHA256

      9c050c82c065fe5e7553e73393e59d0b3ca3372e6d590d6eb074b014dab0ea78

    • SHA512

      22d59282a9b2aab81884ad1b1391c16755e895b2b79466fc163f30a8e9035498b371781ea0fab40b6e79313a9a54fe90b8903ecb8ad29471eebd02ce269a0be4

    • SSDEEP

      384:hxB7Wf+NkjZwWqXteRRUUmi/6XLNrtMQJK2+Katf5kKFKjqfvGBkSG00:/kjSoghrW29skKFKcMkP00

    Score
    1/10
    behavioral11behavioral12

    • Target

      WSearchMigPlugin.dll

    • Size

      134KB

    • MD5

      b74eb945013d95409a3e071c4029cb02

    • SHA1

      d087775c3f00e9c27842cc44bcb27c0f334a865b

    • SHA256

      2bdbbd40df3b199cd8ebfc359be451971527e602ab999e23fae524f8edab0ef1

    • SHA512

      3c1e8d24a4d0eadec0beb7c3288bbb290d018ddaa104df9e65db0de0d7543ab77c4139de6b20382925e35bb1ee303dca12b2ea418770c70dde33f26be06a1c48

    • SSDEEP

      3072:PBBD02DY32F5K7lxgtRx3aHCHGA+48xgJJ5x5N3DPZtQ68f69ru:PBBD02U32F5K7KRxKiHGAP37QXfS

    Score
    5/10
    persistenceprivilege_escalation

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral13

    • Target

      WpcMigration.Uplevel.dll

    • Size

      231KB

    • MD5

      c92661b900b934ce4e4b7d047aba74e5

    • SHA1

      abf1d9b1058fb1f14a091985bd3fa3c2e9140702

    • SHA256

      85302fc70223988f2e94c5b443afe8c95f73695f60778bdc8cd5e1316a701841

    • SHA512

      34921fccfc07d4080c22d7ff056e92df2bfee61f82212501c9c86d532131c43b2b3655e101439396b887a53180159cb372b222e649bcd7d48ed9952df0a22f6d

    • SSDEEP

      3072:aqJFmRDHgpg2Ri14Myz56tvi8UKLBWAUG/+vufW4369gNbv6K9kd+GAmA8C/y:a0otLkMVizsBXUi6qNdkd+GAmA8

    Score
    1/10
    behavioral14

    • Target

      WsUpgrade.dll

    • Size

      201KB

    • MD5

      9d99b0e88cc4eaa43141dea9e31ed3be

    • SHA1

      442e48476650e97cfac8e8088a7315b9804be0c1

    • SHA256

      061de26f44da62a17eecb71f078ef90a9c8784e7c58500984314c74b32c12e46

    • SHA512

      2a0cd7adf67e535cf4a40988d6da4ee69970694875504ea7f7e68cef19e01675557bd3021d867c2bb837d1c3e8287d710259c921967324255c53d0351c6d48df

    • SSDEEP

      3072:a0qV+qDh/7k8Rr92ZSbTP6c27UxDOUreaNQbmOhG7/tfxvharBjnt:a0qVHV1IwTPrFtOe/tzarB7

    Score
    7/10
    persistenceprivilege_escalation

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral15

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

2
T1546

Component Object Model Hijacking

2
T1546.015

Privilege Escalation

Event Triggered Execution

2
T1546

Component Object Model Hijacking

2
T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks