29772a95fb3ed50319dc74f8be52963ee621dc151ccd94b10ea14a7123c268f7 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

29772a95fb...f7.msi

windows7-x64

8

29772a95fb...f7.msi

windows10-2004-x64

8

Sharing

General

Target

29772a95fb3ed50319dc74f8be52963ee621dc151ccd94b10ea14a7123c268f7.msi
Size

29.7MB
Sample

240705-bhqsns1crc
MD5

5421cd4bbb277efc5b163a75cac629ff
SHA1

0d20c0bb978dad6bbd9065ebfc20680c241ac1e0
SHA256

29772a95fb3ed50319dc74f8be52963ee621dc151ccd94b10ea14a7123c268f7
SHA512

c8446d76f4ec65bc3d6a3174407f88e377c8aa260ccbed083653d114271a81a91f166a7ab45ca3d1cbdf9917f8b5aebe87364da210b9160607f2fe59a76d893c
SSDEEP

786432:Ln1stHfbfy4zTE8R0BPtNg1LfjlszEJZ:GHfO4zTB8qF+zEJZ

Score

8^/10

execution persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

29772a95fb3ed50319dc74f8be52963ee621dc151ccd94b10ea14a7123c268f7.msi

Resource

win7-20240508-en

execution persistence privilege_escalation

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

29772a95fb3ed50319dc74f8be52963ee621dc151ccd94b10ea14a7123c268f7.msi

Resource

win10v2004-20240704-en

execution persistence privilege_escalation

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  29772a95fb3ed50319dc74f8be52963ee621dc151ccd94b10ea14a7123c268f7.msi
- Size
  
  29.7MB
- MD5
  
  5421cd4bbb277efc5b163a75cac629ff
- SHA1
  
  0d20c0bb978dad6bbd9065ebfc20680c241ac1e0
- SHA256
  
  29772a95fb3ed50319dc74f8be52963ee621dc151ccd94b10ea14a7123c268f7
- SHA512
  
  c8446d76f4ec65bc3d6a3174407f88e377c8aa260ccbed083653d114271a81a91f166a7ab45ca3d1cbdf9917f8b5aebe87364da210b9160607f2fe59a76d893c
- SSDEEP
  
  786432:Ln1stHfbfy4zTE8R0BPtNg1LfjlszEJZ:GHfO4zTB8qF+zEJZ
Score

8^/10

execution persistence privilege_escalation
- Creates new service(s)
  persistence execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Installer Packages

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Installer Packages

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

executionpersistenceprivilege_escalation

behavioral2

executionpersistenceprivilege_escalation

© 2018-2024

Terms | Privacy