Overview

overview

10

Static

static

1

sample.html

windows10-1703-x64

Resubmissions

25-04-2024 18:13

240425-wt9p5sdc51 10

25-04-2024 18:08

240425-wqze1add38 10

25-04-2024 18:05

240425-wpcjvadc2t 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample

  • Size

    19KB

  • Sample

    240425-wqze1add38

  • MD5

    39a49a0f8ac6c6c2532c8e0fb619314f

  • SHA1

    f58325cf2a9a92031697915b0759630699872fd5

  • SHA256

    4b4d5673b94b4265836247a57b146413100698ed5c79a9f93409abec7c5d9c68

  • SHA512

    2069d523e9777c62d5f463364f9d851969e714801b146434a0e2dbe95060715ffce7fd301632bbe93fd8eb1e9ed5aae74813f4c7cd1694238ba9e382e7411f93

  • SSDEEP

    384:rLyv/u9KDpmReVoOs4Mi9ylKeGMxU8HhhbJnQ7xZS2LjFrSX+NVJCBXQL:rLytBVoOs4MmyI1M1BhbFuPFrSsJQQL

Score
10/10
discoveryevasionexploitpersistencetrojan

Malware Config

Targets

    • Target

      sample

    • Size

      19KB

    • MD5

      39a49a0f8ac6c6c2532c8e0fb619314f

    • SHA1

      f58325cf2a9a92031697915b0759630699872fd5

    • SHA256

      4b4d5673b94b4265836247a57b146413100698ed5c79a9f93409abec7c5d9c68

    • SHA512

      2069d523e9777c62d5f463364f9d851969e714801b146434a0e2dbe95060715ffce7fd301632bbe93fd8eb1e9ed5aae74813f4c7cd1694238ba9e382e7411f93

    • SSDEEP

      384:rLyv/u9KDpmReVoOs4Mi9ylKeGMxU8HhhbJnQ7xZS2LjFrSX+NVJCBXQL:rLytBVoOs4MmyI1M1BhbFuPFrSsJQQL

    Score
    10/10
    discoveryevasionexploitpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

      persistence

    • Possible privilege escalation attempt

      exploit

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

File and Directory Permissions Modification

1
T1222

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

6
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks