hxxps://www[.]syssel[.]net/hoefs/software_uxtheme[.]php?lang=en | Triage

Submit
Reports

Overview

overview

8

Static

static

URLScan

urlscan

https://www.syssel.n...

windows10_x64

Sharing

General

Target

https://www.syssel.net/hoefs/software_uxtheme.php?lang=en
Sample

201217-hlzznj36na

Score

8^/10

bootkit discovery exploit ransomware

Static task

static1

URLScan task

urlscan1

Sample

https://www.syssel.net/hoefs/software_uxtheme.php?lang=en

Behavioral task

behavioral1

Sample

https://www.syssel.net/hoefs/software_uxtheme.php?lang=en

Resource

win10v20201028

bootkit discovery exploit ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  https://www.syssel.net/hoefs/software_uxtheme.php?lang=en
Score

8^/10

bootkit discovery exploit ransomware
- Executes dropped EXE
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Possible privilege escalation attempt
  exploit
- Loads dropped DLL
- Modifies file permissions
  discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

bootkitdiscoveryexploitransomware

© 2018-2024

Terms | Privacy