23da62e4b152739d914094e54c657a5615ebf0c3b8fe43eb9a5c342ee083f9ce | Triage

Submit
Reports

Overview

overview

8

Static

static

1

LDPlayer9_...ld.exe

windows7-x64

3

LDPlayer9_...ld.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

LDPlayer9_ru_1007_ld.exe
Size

6.2MB
Sample

240710-sshy9avfmn
MD5

d8164d9999866836fcc904dbe63d0d9c
SHA1

732a521c0856f4ee61a6e374d1605f14a3886a4e
SHA256

23da62e4b152739d914094e54c657a5615ebf0c3b8fe43eb9a5c342ee083f9ce
SHA512

30ff54b8d4e1c0d9463786922344b0ffd9f2cd640fcc18f45d441e4fad3d32659c766554aa83a094aefb1186570397ce8aa7d6ae079497fc2c03c792a221730f
SSDEEP

98304:maMOOH01Z71vVOO+svd2YJVr5cOlprwwEGK579UbrGif:maMOA01uCtf5copnEGKF97e

Score

8^/10

discovery execution exploit persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

LDPlayer9_ru_1007_ld.exe

Resource

win7-20240704-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

LDPlayer9_ru_1007_ld.exe

Resource

win10v2004-20240709-en

discovery execution exploit persistence privilege_escalation

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  LDPlayer9_ru_1007_ld.exe
- Size
  
  6.2MB
- MD5
  
  d8164d9999866836fcc904dbe63d0d9c
- SHA1
  
  732a521c0856f4ee61a6e374d1605f14a3886a4e
- SHA256
  
  23da62e4b152739d914094e54c657a5615ebf0c3b8fe43eb9a5c342ee083f9ce
- SHA512
  
  30ff54b8d4e1c0d9463786922344b0ffd9f2cd640fcc18f45d441e4fad3d32659c766554aa83a094aefb1186570397ce8aa7d6ae079497fc2c03c792a221730f
- SSDEEP
  
  98304:maMOOH01Z71vVOO+svd2YJVr5cOlprwwEGK579UbrGif:maMOA01uCtf5copnEGKF97e
Score

8^/10

discovery execution exploit persistence privilege_escalation
- Creates new service(s)
  persistence execution
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecutionexploitpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy