aa18df904fecb08b1433766aae6e78777f8b1626780270973fd0e8429c2be9a5 | Triage

Sharing

General

Target

ca623a4415c4ab5d0ab5f754e805eec0N.exe
Size

6.7MB
Sample

240806-ta8ydstalr
MD5

ca623a4415c4ab5d0ab5f754e805eec0
SHA1

aac96a1fde53fa97d18afb11d24424bffc636797
SHA256

aa18df904fecb08b1433766aae6e78777f8b1626780270973fd0e8429c2be9a5
SHA512

4e6c162bbc27fdf933edbecc9e3837db999fb6914a066a0bbcfcc9c9f81f0cf5096ebc0a8441e0ca02695b5ec0744c8a8fc975a3052e39643b5f94e043df1e5e
SSDEEP

196608:8nBqPnFY0ybc2jCiwaO13rXLoKpK7jG0t8+:sqa14cwhhrxk7jGi8+

Score

7^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  ca623a4415c4ab5d0ab5f754e805eec0N.exe
- Size
  
  6.7MB
- MD5
  
  ca623a4415c4ab5d0ab5f754e805eec0
- SHA1
  
  aac96a1fde53fa97d18afb11d24424bffc636797
- SHA256
  
  aa18df904fecb08b1433766aae6e78777f8b1626780270973fd0e8429c2be9a5
- SHA512
  
  4e6c162bbc27fdf933edbecc9e3837db999fb6914a066a0bbcfcc9c9f81f0cf5096ebc0a8441e0ca02695b5ec0744c8a8fc975a3052e39643b5f94e043df1e5e
- SSDEEP
  
  196608:8nBqPnFY0ybc2jCiwaO13rXLoKpK7jG0t8+:sqa14cwhhrxk7jGi8+
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation