General
-
Target
Eleven.exe
-
Size
31KB
-
Sample
240513-e934vshh5w
-
MD5
4caf72b4536700e12214fa1721bf54d7
-
SHA1
6baf706e93a320118a95a4a442137c9080000e8d
-
SHA256
808f45e1d033ec8b120e75339ba896ffa52691b3d9cd4a2d4c0fadb0ede9ffb2
-
SHA512
480154b51b2bee339175e45aa27338f5152849e05374e9d11cbe70ac70c00af25bd009d9e74937607d00574f1696e62c3d48ab6ef57c6061161f9ca2b452418f
-
SSDEEP
384:aWCJ4vgjaGZy8ILvnk+X6EA+t/U7Oy+Q6HUN2s682FN/mb9pM1HjqMjyK6xNORtZ:aivUEK+OOyaUksmHObMF4YRrhf4K
Static task
static1
Behavioral task
behavioral1
Sample
Eleven.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
Eleven.exe
Resource
win11-20240426-en
Malware Config
Targets
-
-
Target
Eleven.exe
-
Size
31KB
-
MD5
4caf72b4536700e12214fa1721bf54d7
-
SHA1
6baf706e93a320118a95a4a442137c9080000e8d
-
SHA256
808f45e1d033ec8b120e75339ba896ffa52691b3d9cd4a2d4c0fadb0ede9ffb2
-
SHA512
480154b51b2bee339175e45aa27338f5152849e05374e9d11cbe70ac70c00af25bd009d9e74937607d00574f1696e62c3d48ab6ef57c6061161f9ca2b452418f
-
SSDEEP
384:aWCJ4vgjaGZy8ILvnk+X6EA+t/U7Oy+Q6HUN2s682FN/mb9pM1HjqMjyK6xNORtZ:aivUEK+OOyaUksmHObMF4YRrhf4K
Score10/10-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1