Resubmissions

  Submitted          Analysis ID          Score
  24-04-2024 14:03   240424-rc34tabc31    8
  24-04-2024 13:58   240424-raapgsbb8z    8
  24-04-2024 13:57   240424-q9f5wabb6z    1
  24-04-2024 13:50   240424-q48myaba32    8

General

  • Target: sample
  • Size: 18KB
  • Sample: 240424-q48myaba32
  • MD5: 5cabe3fb7542fbc6be5888b1b2df6596
  • SHA1: 28facab060f6559cd4f5e46864a07a94fd162185
  • SHA256: 5bed1c23e5338e582baa3bff2ca493b94a0d2751fa81c97dea721145ba2ff2d8
  • SHA512: 1a14fa45e5f9573c3c0c3e703673527d99709f305b2ea2f27dfcdb03c9a424a764c71fb2a1535333d3a904546bec96d449a7609857d871c65d90ecd7ed9abb02
  • SSDEEP: 384:rUaDpmReVoOs4Xi9ylKeGMjU8HhhbrOM7VjS2LjFrSxLI+PVJCBXQL:rUaBVoOs4XmyI1MbBhb66VzFrSxLHJQu

Malware Config

Targets

    • Target: sample (18KB; hashes identical to those listed under General above)

    • Downloads MZ/PE file

    • Modifies AppInit DLL entries

    • Modifies Installed Components in the registry

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                                      Count   ID
  Persistence            Boot or Logon Autostart Execution              3       T1547
                         Registry Run Keys / Startup Folder             3       T1547.001
  Privilege Escalation   Boot or Logon Autostart Execution              3       T1547
                         Registry Run Keys / Startup Folder             3       T1547.001
  Defense Evasion        Modify Registry                                4       T1112
                         File and Directory Permissions Modification    1       T1222
  Discovery              Query Registry                                 5       T1012
                         Peripheral Device Discovery                    2       T1120
                         System Information Discovery                   3       T1082
  Command and Control    Web Service                                    1       T1102
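
The behaviour signatures listed under Targets and the ATT&CK matrix above are both derived from the same kind of evidence: registry, file and network events recorded while the sample ran. The script below is an added example (written for this page, not the sandbox's own signature engine) that runs that mapping over a constructed set of events in the sandbox's style. The technique IDs are the ones on the report's matrix; T1546.010 for AppInit DLLs is my addition, and signatures the matrix does not tag (the MZ/PE download, the System32 drop) carry no ID. The event format, the host list of "legitimate hosting services", and the three signatures left out (privilege escalation attempt, executes dropped EXE, loads dropped DLL, which need process-level events) are all assumptions of this example.

```python
import re
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlparse

# (operation, target, payload); payload is b"" unless the event is a response body.
Event = Tuple[str, str, bytes]

# Constructed sandbox-style events for illustration; they are NOT taken from the report.
SAMPLE_EVENTS: List[Event] = [
    ("HttpGet", "https://cdn.discordapp.com/attachments/1/2/stage2.bin", b""),
    ("HttpResponse", "https://cdn.discordapp.com/attachments/1/2/stage2.bin", b"MZ\x90\x00\x03"),
    ("FileWrite", "C:\\Windows\\System32\\wsock64.dll", b""),
    ("SetSecurity", "C:\\Windows\\System32\\wsock64.dll", b""),
    ("RegSetValue", "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs", b""),
    ("RegSetValue", "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs", b""),
    ("RegSetValue", "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{9A1F3C2E-0000-4000-8000-000000000001}\\StubPath", b""),
    ("RegSetValue", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WinUpdate", b""),
    ("RegQueryValue", "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName", b""),
    ("RegQueryValue", "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome\\DisplayName", b""),
    ("FileOpen", "D:\\", b""),
    ("FileOpen", "E:\\", b""),
]

# Hosts treated as "legitimate hosting services" (constructed list; an assumption of this example).
ABUSED_HOSTS = {"cdn.discordapp.com", "raw.githubusercontent.com", "pastebin.com"}

Predicate = Callable[[str, str, bytes], bool]


def _path_match(op: str, pattern: str) -> Predicate:
    """Predicate: operation equals `op` and the target path matches `pattern` (case-insensitive)."""
    rx = re.compile(pattern, re.IGNORECASE)
    return lambda o, t, _p: o == op and rx.search(t) is not None


# (signature name as the report prints it, ATT&CK technique IDs, predicate).
# IDs follow the report's matrix; T1546.010 (AppInit DLLs) is my addition.
SIGNATURES: List[Tuple[str, List[str], Predicate]] = [
    ("Downloads MZ/PE file", [],
     lambda o, t, p: o == "HttpResponse" and p.startswith(b"MZ")),
    ("Modifies AppInit DLL entries", ["T1112", "T1546.010"],
     _path_match("RegSetValue", r"\\Windows NT\\CurrentVersion\\Windows\\(Load)?AppInit_DLLs$")),
    ("Modifies Installed Components in the registry", ["T1112"],
     _path_match("RegSetValue", r"\\Active Setup\\Installed Components\\")),
    ("Adds Run key to start application", ["T1547.001", "T1112"],
     _path_match("RegSetValue", r"\\CurrentVersion\\Run(Once)?\\")),
    ("Checks installed software on the system", ["T1012"],
     _path_match("RegQueryValue", r"\\CurrentVersion\\Uninstall\\")),
    ("Enumerates connected drives", ["T1120", "T1082"],
     _path_match("FileOpen", r"^[D-Z]:\\$")),  # root of any drive other than C:
    ("Drops file in System32 directory", [],
     _path_match("FileWrite", r"^C:\\Windows\\System32\\")),
    ("Modifies file permissions", ["T1222"],
     lambda o, t, p: o == "SetSecurity"),
    ("Legitimate hosting services abused for malware hosting/C2", ["T1102"],
     lambda o, t, p: o == "HttpGet" and urlparse(t).hostname in ABUSED_HOSTS),
]


def triage(events: List[Event]) -> Dict[str, List[str]]:
    """Return {signature: [targets that triggered it]} for every signature that fired."""
    hits: Dict[str, List[str]] = {}
    for name, _ids, pred in SIGNATURES:
        targets = [t for o, t, p in events if pred(o, t, p)]
        if targets:
            hits[name] = targets
    return hits


def attack_techniques(hits: Dict[str, List[str]]) -> List[str]:
    """Sorted, de-duplicated ATT&CK technique IDs for the signatures in `hits`."""
    ids = {tid for name, tids, _pred in SIGNATURES if name in hits for tid in tids}
    return sorted(ids)


if __name__ == "__main__":
    fired = triage(SAMPLE_EVENTS)
    for name, targets in fired.items():
        print(f"[+] {name}")
        for target in targets:
            print(f"      {target}")
    print("ATT&CK:", ", ".join(attack_techniques(fired)))
```

Run against real sandbox output, the event list would come from the sandbox's trace rather than the constructed list here; the point of keeping each signature as a name, an ID list and a predicate is that the matrix at the top of the report can be regenerated from the signatures instead of maintained by hand, and any technique missing from the matrix (as AppInit DLLs is here) shows up as a gap in the table rather than silently.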

Tasks