a093c796f256937e970d7961231630f375832e3fdb4035b0ba07f12e8152935e | Triage

Submit
Reports

Overview

overview

8

Static

static

1

My Logo.txt

windows10-2004-x64

8

Sharing

General

Target

My Logo.txt
Size

1KB
Sample

240710-zystzazepp
MD5

bbc32d16965e2f899e0aac0db24d3172
SHA1

701a48a505b0e339445e4bcd3c8687e821300b5f
SHA256

a093c796f256937e970d7961231630f375832e3fdb4035b0ba07f12e8152935e
SHA512

7d9b120eec8235fa61ba491910a4e74dbb215904c07905a501c1e684d9d485ef741e07a581b5a5599de2cc8b0b798700bdbb47f772ea02f7f8b5ad068d06ee11

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

My Logo.txt

Resource

win10v2004-20240709-en

discovery evasion persistence privilege_escalation trojan

windows10-2004-x64

30 signatures

1800 seconds

Malware Config

Targets

- Target
  
  My Logo.txt
- Size
  
  1KB
- MD5
  
  bbc32d16965e2f899e0aac0db24d3172
- SHA1
  
  701a48a505b0e339445e4bcd3c8687e821300b5f
- SHA256
  
  a093c796f256937e970d7961231630f375832e3fdb4035b0ba07f12e8152935e
- SHA512
  
  7d9b120eec8235fa61ba491910a4e74dbb215904c07905a501c1e684d9d485ef741e07a581b5a5599de2cc8b0b798700bdbb47f772ea02f7f8b5ad068d06ee11
Score

8^/10

discovery evasion persistence privilege_escalation trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationtrojan

© 2018-2024

Terms | Privacy