e7e82e0b485c47363688615dec109804bdcbc5472794ca540b659d55d8027872 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

real.bat

windows10-2004-x64

8

Sharing

General

Target

real.bat
Size

1KB
Sample

240807-dxlhlszcqn
MD5

9310665742ce11663034ef6708932124
SHA1

00c51f35addad2e0ce0b560237b4ec29c77b41ca
SHA256

e7e82e0b485c47363688615dec109804bdcbc5472794ca540b659d55d8027872
SHA512

06b43e90d12947c13083340effc17253541b489b24fe5ce792abed5b9491d8479d0ba84e06b72067b71dbbd032932c7358296d079931e14cbe6bf26d516336b0

Score

8^/10

discovery evasion motw persistence phishing privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

real.bat

Resource

win10v2004-20240802-en

discovery evasion motw persistence phishing privilege_escalation trojan

windows10-2004-x64

26 signatures

300 seconds

Malware Config

Targets

- Target
  
  real.bat
- Size
  
  1KB
- MD5
  
  9310665742ce11663034ef6708932124
- SHA1
  
  00c51f35addad2e0ce0b560237b4ec29c77b41ca
- SHA256
  
  e7e82e0b485c47363688615dec109804bdcbc5472794ca540b659d55d8027872
- SHA512
  
  06b43e90d12947c13083340effc17253541b489b24fe5ce792abed5b9491d8479d0ba84e06b72067b71dbbd032932c7358296d079931e14cbe6bf26d516336b0
Score

8^/10

discovery evasion motw persistence phishing privilege_escalation trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionmotwpersistencephishingprivilege_escalationtrojan

© 2018-2025

Terms | Privacy