9ad9f21ec1538978e896317756689c1b02b84d645a2f7c9c05416a7d2033b3ab | Triage

Submit
Reports

Overview

overview

8

Static

static

1

240522-t14...1.pcap

windows10-1703-x64

8

Sharing

General

Target

240522-t14flahc41-behavioral1.pcap
Size

6.5MB
Sample

240522-t91fashe8t
MD5

c719628113586541710931c2a0daad28
SHA1

3d30ebc75dc3e5f4d17841e9eadf20565d878b5b
SHA256

9ad9f21ec1538978e896317756689c1b02b84d645a2f7c9c05416a7d2033b3ab
SHA512

6f852f8276bed2743de85ca3583179061747bf31459dd53984871d25844c6b03ffa3ff9d227afe526621accd936cbc8f66d69745f11b52653c6bc46d23287f2d
SSDEEP

98304:pgmP+J5+GBoKNxTbSww87tjM76kGQxfC+lcWZ+XnRojo7V/UuUrudMsS6vA4uuLT:/Ps3GmnFToNWG+3dB/UptOA4uYY2

Score

8^/10

discovery evasion exploit persistence

Static task

static1

Behavioral task

behavioral1

Sample

240522-t14flahc41-behavioral1.pcap

Resource

win10-20240404-en

discovery evasion exploit persistence

windows10-1703-x64

26 signatures

300 seconds

Malware Config

Targets

- Target
  
  240522-t14flahc41-behavioral1.pcap
- Size
  
  6.5MB
- MD5
  
  c719628113586541710931c2a0daad28
- SHA1
  
  3d30ebc75dc3e5f4d17841e9eadf20565d878b5b
- SHA256
  
  9ad9f21ec1538978e896317756689c1b02b84d645a2f7c9c05416a7d2033b3ab
- SHA512
  
  6f852f8276bed2743de85ca3583179061747bf31459dd53984871d25844c6b03ffa3ff9d227afe526621accd936cbc8f66d69745f11b52653c6bc46d23287f2d
- SSDEEP
  
  98304:pgmP+J5+GBoKNxTbSww87tjM76kGQxfC+lcWZ+XnRojo7V/UuUrudMsS6vA4uuLT:/Ps3GmnFToNWG+3dB/UptOA4uYY2
Score

8^/10

discovery evasion exploit persistence
- Disables Task Manager via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Modifies file permissions
  discovery
- Modifies system executable filetype association
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionexploitpersistence

© 2018-2024

Terms | Privacy