598b6f5cadd0e92a90e361248be416e110700a6dfb37bbcaeab0b0b8b1e6bc48 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Stand Acco...1).txt

windows11-21h2-x64

8

Resubmissions

03/08/2024, 05:17

240803-fypb1aygqb 8

Sharing

General

Target

Stand Account ID (1).txt
Size

31B
Sample

240803-fypb1aygqb
MD5

e6c07ff4c35acb9e0d12a1c14be29b80
SHA1

80ad8e97bbb72f052597c6c4b6ff458c9c137ec1
SHA256

598b6f5cadd0e92a90e361248be416e110700a6dfb37bbcaeab0b0b8b1e6bc48
SHA512

2592d0c8f74a1e546d94ac3994de0355b020be65193b4e1d3372b964b63e2c89bc0e804e63c0621d42ac71a983275e74992de647b1239dbbfe72a0fe6e473282

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

Stand Account ID (1).txt

Resource

win11-20240802-en

defense_evasion discovery persistence privilege_escalation

windows11-21h2-x64

23 signatures

1200 seconds

Malware Config

Targets

- Target
  
  Stand Account ID (1).txt
- Size
  
  31B
- MD5
  
  e6c07ff4c35acb9e0d12a1c14be29b80
- SHA1
  
  80ad8e97bbb72f052597c6c4b6ff458c9c137ec1
- SHA256
  
  598b6f5cadd0e92a90e361248be416e110700a6dfb37bbcaeab0b0b8b1e6bc48
- SHA512
  
  2592d0c8f74a1e546d94ac3994de0355b020be65193b4e1d3372b964b63e2c89bc0e804e63c0621d42ac71a983275e74992de647b1239dbbfe72a0fe6e473282
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy