289477f12b10e6b770b40d4c0fb028b1af46b295a91030793c7188abe9774d0b (SHA-256)

Malicious with100% Confidence 

DeepView Sandbox analyzed this file last week and declared it to be malicious.  The Sandbox’s unique and patented methods – specifically in this case, automatic sequence detection (flagged by [ASD] below) – identified 1 indicator.  (ASD is one of SecondWrite’s patented methods; it uses machine-learning based on 100,000s of samples to recognize malicious sequences in code. The full DeepView Sandbox report with details can be viewed at:

REPORT HIGHLIGHTS

Type of Malware:  Worm

  • [ASD] Automatic Sequence Detection maliciousness scores: 76%

Evasiveness Indicators:

  • A process attempted to delay the analysis task
  • Checks adapter addresses which can be used to detect virtual network interfaces

Other Compelling Indicators:

MITRE ATT&CK Indicators:

MITRE TacticMITRE Technique
Command and ControlCommon Used Port Custom Command and Control Protocol
Defense EvasionNTFS File Attributes Software Packing
DiscoveryVirtualization / Sandbox Evasion
Persistence        Registry Run Keys / Startup Folder

Selection from The Report:

Malware Of The Week is sourced by DeepView Sandbox using SecondWrite’s patented techniques of Forced Code Execution,Program Level Indicators, and Automatic Sequence Detection