9ea61336dc345e8e68c562f94a385c3831a0fe621d242f24abfbe34d28e16c57 | Triage

Submit
Reports

Overview

overview

Static

static

1

sample.js

windows10-2004-x64

Resubmissions

01-04-2023 16:33

230401-t2seqabb77 6

01-04-2023 16:19

230401-tsjq8abb34 10

Sharing

General

Target

sample
Size

13KB
Sample

230401-tsjq8abb34
MD5

0a1d0cb632a7f7cde057b8c11c1248a2
SHA1

651caf0aa2637d0b56411f1679eb68f43a7b00b2
SHA256

9ea61336dc345e8e68c562f94a385c3831a0fe621d242f24abfbe34d28e16c57
SHA512

f911550898a737cd17c11e0056660ba83b4a577baaeba85c5fea5f5119cb0cd8226f6176b0afafe163a57223c60b5767aed10211f6fde22eeb42aaa0f535524a
SSDEEP

384:rN+0ElzeVoOsKlElKeGM0U8HhhbNAq28rtGk:rc0ElCVoOsKCI1MeBhb60rr

Score

10^/10

microsoft evasion persistence phishing ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

sample.js

Resource

win10v2004-20230220-en

microsoft evasion persistence phishing ransomware trojan

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  13KB
- MD5
  
  0a1d0cb632a7f7cde057b8c11c1248a2
- SHA1
  
  651caf0aa2637d0b56411f1679eb68f43a7b00b2
- SHA256
  
  9ea61336dc345e8e68c562f94a385c3831a0fe621d242f24abfbe34d28e16c57
- SHA512
  
  f911550898a737cd17c11e0056660ba83b4a577baaeba85c5fea5f5119cb0cd8226f6176b0afafe163a57223c60b5767aed10211f6fde22eeb42aaa0f535524a
- SSDEEP
  
  384:rN+0ElzeVoOsKlElKeGM0U8HhhbNAq28rtGk:rc0ElCVoOsKCI1MeBhb60rr
Score

10^/10

microsoft evasion persistence phishing ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

microsoftevasionpersistencephishingransomwaretrojan

© 2018-2024

Terms | Privacy