74fb4e00b396ed5e0a64ae262aae598753fd8b345031436db974f1b77ccb259b | Triage

Submit
Reports

Overview

overview

8

Static

static

1

1241304301...38.ogg

windows11-21h2-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

1241304301683347538.ogg
Size

20KB
Sample

240629-h1v9fawelp
MD5

2e83f13cf9a84622a55a494baaf4a804
SHA1

fbbde591b3863cce251ec12424e4c7837fee2d41
SHA256

74fb4e00b396ed5e0a64ae262aae598753fd8b345031436db974f1b77ccb259b
SHA512

f1a47d525925897c93e64f1f6488e72966472dc3c84868ed8d44e9265646c1d4901eee4c652e2575bd98908c64d2f29569bb5c91abd9f96a54b9c9ab8c3be5a2
SSDEEP

384:smDMt+siTkrSwSJXKOkkSqPimwGA7Wv8NBqcP/r0UGWQKEIGL9sfeeh:smQ1GqEJKnk3KmwGAPlP/wU+pIGL9smG

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

1241304301683347538.ogg

Resource

win11-20240611-en

discovery evasion persistence privilege_escalation trojan

windows11-21h2-x64

30 signatures

150 seconds

Malware Config

Targets

- Target
  
  1241304301683347538.ogg
- Size
  
  20KB
- MD5
  
  2e83f13cf9a84622a55a494baaf4a804
- SHA1
  
  fbbde591b3863cce251ec12424e4c7837fee2d41
- SHA256
  
  74fb4e00b396ed5e0a64ae262aae598753fd8b345031436db974f1b77ccb259b
- SHA512
  
  f1a47d525925897c93e64f1f6488e72966472dc3c84868ed8d44e9265646c1d4901eee4c652e2575bd98908c64d2f29569bb5c91abd9f96a54b9c9ab8c3be5a2
- SSDEEP
  
  384:smDMt+siTkrSwSJXKOkkSqPimwGA7Wv8NBqcP/r0UGWQKEIGL9sfeeh:smQ1GqEJKnk3KmwGAPlP/wU+pIGL9smG
Score

8^/10

discovery evasion persistence privilege_escalation trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationtrojan

© 2018-2025

Terms | Privacy