Resubmissions

16/07/2024, 00:32    240716-av5lxswhpn    3
16/07/2024, 00:32    240716-avlh2swhmp    3
16/07/2024, 00:30    240716-atvekazbke    3
16/07/2024, 00:27    240716-ars4qawglp    7

General

  • Target: dx.py
  • Size: 1KB
  • Sample: 240716-ars4qawglp
  • MD5: 5cd7c3de0d4584580b6dd58f16b57431
  • SHA1: de401b90ff252f0bcccaa5e774c9c75765c057fe
  • SHA256: 678b4f4d2bcefb12af9004fae9c466f9fde026d388e1378a617f0b5216068393
  • SHA512: 80a42cba603a0d8daecdbc24a7fc46d25960d5446f370766962f76cfd8f2e671608d7d94b3adcdc98ba0679efb35f2e11effa1071ff5cc01d71969a1707213c5

Malware Config

Targets

    • Target: dx.py
    • Size: 1KB
    • MD5: 5cd7c3de0d4584580b6dd58f16b57431
    • SHA1: de401b90ff252f0bcccaa5e774c9c75765c057fe
    • SHA256: 678b4f4d2bcefb12af9004fae9c466f9fde026d388e1378a617f0b5216068393
    • SHA512: 80a42cba603a0d8daecdbc24a7fc46d25960d5446f370766962f76cfd8f2e671608d7d94b3adcdc98ba0679efb35f2e11effa1071ff5cc01d71969a1707213c5

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks