b257911d5debbeced8ec162a06760ce49819001a02b5f508d4305f8ef9701df2 | Triage

Submit
Reports

Overview

overview

8

Static

static

b257911d5d...f2.exe

windows7_x64

8

b257911d5d...f2.exe

windows10-2004_x64

4

Sharing

General

Target

b257911d5debbeced8ec162a06760ce49819001a02b5f508d4305f8ef9701df2
Size

424KB
Sample

220213-na59lshbg6
MD5

afeac971ffe5bab0bf3da53291b523fe
SHA1

f1686e5d05dfb82662cea2907b2e9685d6641755
SHA256

b257911d5debbeced8ec162a06760ce49819001a02b5f508d4305f8ef9701df2
SHA512

a065544135927cd13c547faf19e0135e7ad3f84b503f99ae4f82628643aadca6eabfa3ab7025bbc9f1efce854b6114db71d63cac8ff20b789d3385f238d1cd04

Score

8^/10

discovery evasion exploit persistence

Static task

static1

Behavioral task

behavioral1

Sample

b257911d5debbeced8ec162a06760ce49819001a02b5f508d4305f8ef9701df2.exe

Resource

win7-en-20211208

discovery evasion exploit persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b257911d5debbeced8ec162a06760ce49819001a02b5f508d4305f8ef9701df2.exe

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b257911d5debbeced8ec162a06760ce49819001a02b5f508d4305f8ef9701df2
- Size
  
  424KB
- MD5
  
  afeac971ffe5bab0bf3da53291b523fe
- SHA1
  
  f1686e5d05dfb82662cea2907b2e9685d6641755
- SHA256
  
  b257911d5debbeced8ec162a06760ce49819001a02b5f508d4305f8ef9701df2
- SHA512
  
  a065544135927cd13c547faf19e0135e7ad3f84b503f99ae4f82628643aadca6eabfa3ab7025bbc9f1efce854b6114db71d63cac8ff20b789d3385f238d1cd04
Score

8^/10

discovery evasion exploit persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- Allows Network login with blank passwords
  Allows local user accounts with blank passwords to access device from the network.
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Remote Desktop Protocol

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionexploitpersistence

behavioral2

© 2018-2024

Terms | Privacy