8d48d0a05d581922a4d30ba98cbf51ea981a37c95fad689e0b84b979e312f6a4 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

LDPlayer9_...ld.exe

windows11-21h2-x64

8

Sharing

General

Target

LDPlayer9_ens_1552109_ld.exe
Size

3.4MB
Sample

240720-s434kasamr
MD5

9f9bbd12ae5894046810e6736ec4d892
SHA1

9e81b764a40ec39f6667c54b8d40da0b97cb5a7f
SHA256

8d48d0a05d581922a4d30ba98cbf51ea981a37c95fad689e0b84b979e312f6a4
SHA512

57d5b59de422394856e15b2d65c1f2a9e85a1b012c954ecad98682a84c7f90ff00be91819c8ae9cd123270e2cf446d69bfb248bde471a29846d57bf401417eaa
SSDEEP

49152:p2XX9nMhH9mpVLZ0CSf1pHtOUYqP3CFOrtG/JR9sXafgkDFMVR9C1UhPJXMK701K:p2XX96HMpVLZo1t0xOoGBiCV2Hmd

Score

8^/10

discovery execution exploit persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

LDPlayer9_ens_1552109_ld.exe

Resource

win11-20240709-en

discovery execution exploit persistence privilege_escalation

windows11-21h2-x64

27 signatures

300 seconds

Malware Config

Targets

- Target
  
  LDPlayer9_ens_1552109_ld.exe
- Size
  
  3.4MB
- MD5
  
  9f9bbd12ae5894046810e6736ec4d892
- SHA1
  
  9e81b764a40ec39f6667c54b8d40da0b97cb5a7f
- SHA256
  
  8d48d0a05d581922a4d30ba98cbf51ea981a37c95fad689e0b84b979e312f6a4
- SHA512
  
  57d5b59de422394856e15b2d65c1f2a9e85a1b012c954ecad98682a84c7f90ff00be91819c8ae9cd123270e2cf446d69bfb248bde471a29846d57bf401417eaa
- SSDEEP
  
  49152:p2XX9nMhH9mpVLZ0CSf1pHtOUYqP3CFOrtG/JR9sXafgkDFMVR9C1UhPJXMK701K:p2XX96HMpVLZo1t0xOoGBiCV2Hmd
Score

8^/10

discovery execution exploit persistence privilege_escalation
- Creates new service(s)
  persistence execution
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionexploitpersistenceprivilege_escalation

© 2018-2024

Terms | Privacy