35b0a6cc54e58f30ab84638d5b9b24b07ec4796ebf1a1e534ec0adcd0f4edf9f | Triage

Submit
Reports

Overview

overview

8

Static

static

7

Toolkit.zip

windows10-2004-x64

Resubmissions

27/11/2023, 14:24

231127-rq2sxaha9z 8

27/11/2023, 14:20

231127-rnfsnaha8v 7

Sharing

Copy URL Twitter E-mail

General

Target

Toolkit.zip
Size

244.2MB
Sample

231127-rq2sxaha9z
MD5

8171ae1ffadf3413b70e458bb9bd3261
SHA1

5f19afc55842408d995507d81d5656e46b871b2c
SHA256

35b0a6cc54e58f30ab84638d5b9b24b07ec4796ebf1a1e534ec0adcd0f4edf9f
SHA512

919f0ca40dafad97b18bab234f41b536f54aa3957c4673adabe861151e6b868d9620aa5d4e53b0a0f2a2474b9e715a5167230da3e787da5fa02e4496039f449f
SSDEEP

6291456:sM//b7cvHyXgFcsJ0hi87SYqIE2BIzpGV8EvOfnFTsd3BsiHF8:sMnUvSXgJ0hi82YqI292hv+nFTCRhu

Score

8^/10

discovery exploit persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Toolkit.zip

Resource

win10v2004-20231023-en

discovery exploit persistence

windows10-2004-x64

18 signatures

1200 seconds

Malware Config

Targets

- Target
  
  Toolkit.zip
- Size
  
  244.2MB
- MD5
  
  8171ae1ffadf3413b70e458bb9bd3261
- SHA1
  
  5f19afc55842408d995507d81d5656e46b871b2c
- SHA256
  
  35b0a6cc54e58f30ab84638d5b9b24b07ec4796ebf1a1e534ec0adcd0f4edf9f
- SHA512
  
  919f0ca40dafad97b18bab234f41b536f54aa3957c4673adabe861151e6b868d9620aa5d4e53b0a0f2a2474b9e715a5167230da3e787da5fa02e4496039f449f
- SSDEEP
  
  6291456:sM//b7cvHyXgFcsJ0hi87SYqIE2BIzpGV8EvOfnFTsd3BsiHF8:sMnUvSXgJ0hi82YqI292hv+nFTCRhu
Score

8^/10

discovery exploit persistence
- Possible privilege escalation attempt
  exploit
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexploitpersistence

© 2018-2025

Terms | Privacy