11c9544fc6c35f5488579168eb1953cb4d874c744dd97cc05fc0cfa5fa07b855 | Triage

Submit
Reports

Overview

overview

9

Static

static

11c9544fc6...55.exe

windows7_x64

9

11c9544fc6...55.exe

windows10-2004_x64

4

Sharing

General

Target

11c9544fc6c35f5488579168eb1953cb4d874c744dd97cc05fc0cfa5fa07b855
Size

448KB
Sample

220213-swgkladbfr
MD5

808189ade846e9d5855baed60727ee6e
SHA1

45a356565238d83b726852a4a69fa764a00c62f0
SHA256

11c9544fc6c35f5488579168eb1953cb4d874c744dd97cc05fc0cfa5fa07b855
SHA512

93542e23f5ffdb7bedc98b63595871d4da488d90e19e0e214de204ed11390bb61fddef239ebb51720372317da208a7aeab3d7783f5b426817a0b12993a6df010

Score

9^/10

discovery evasion exploit persistence

Static task

static1

Behavioral task

behavioral1

Sample

11c9544fc6c35f5488579168eb1953cb4d874c744dd97cc05fc0cfa5fa07b855.exe

Resource

win7-en-20211208

discovery evasion exploit persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

11c9544fc6c35f5488579168eb1953cb4d874c744dd97cc05fc0cfa5fa07b855.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  11c9544fc6c35f5488579168eb1953cb4d874c744dd97cc05fc0cfa5fa07b855
- Size
  
  448KB
- MD5
  
  808189ade846e9d5855baed60727ee6e
- SHA1
  
  45a356565238d83b726852a4a69fa764a00c62f0
- SHA256
  
  11c9544fc6c35f5488579168eb1953cb4d874c744dd97cc05fc0cfa5fa07b855
- SHA512
  
  93542e23f5ffdb7bedc98b63595871d4da488d90e19e0e214de204ed11390bb61fddef239ebb51720372317da208a7aeab3d7783f5b426817a0b12993a6df010
Score

9^/10

discovery evasion exploit persistence
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- Allows Network login with blank passwords
  Allows local user accounts with blank passwords to access device from the network.
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Account Manipulation

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

System Information Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionexploitpersistence

behavioral2

© 2018-2024

Terms | Privacy