General
-
Target
My Logo.txt
-
Size
1KB
-
Sample
240710-zystzazepp
-
MD5
bbc32d16965e2f899e0aac0db24d3172
-
SHA1
701a48a505b0e339445e4bcd3c8687e821300b5f
-
SHA256
a093c796f256937e970d7961231630f375832e3fdb4035b0ba07f12e8152935e
-
SHA512
7d9b120eec8235fa61ba491910a4e74dbb215904c07905a501c1e684d9d485ef741e07a581b5a5599de2cc8b0b798700bdbb47f772ea02f7f8b5ad068d06ee11
Static task
static1
Behavioral task
behavioral1
Sample
My Logo.txt
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
My Logo.txt
-
Size
1KB
-
MD5
bbc32d16965e2f899e0aac0db24d3172
-
SHA1
701a48a505b0e339445e4bcd3c8687e821300b5f
-
SHA256
a093c796f256937e970d7961231630f375832e3fdb4035b0ba07f12e8152935e
-
SHA512
7d9b120eec8235fa61ba491910a4e74dbb215904c07905a501c1e684d9d485ef741e07a581b5a5599de2cc8b0b798700bdbb47f772ea02f7f8b5ad068d06ee11
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1