4808c357a28c46069aa76819a383fa03d4083307ca116e516883fcc46b8f5212 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

4808c357a2...12.dll

windows7-x64

3

4808c357a2...12.dll

windows10-2004-x64

8

Sharing

General

Target

4808c357a28c46069aa76819a383fa03d4083307ca116e516883fcc46b8f5212
Size

3.5MB
Sample

240807-z89kgaxgqc
MD5

9ec0d6b157cad4cb24a73c5fe25f5741
SHA1

96f6fca560d26c8f8706a407a03e7ce414caa67c
SHA256

4808c357a28c46069aa76819a383fa03d4083307ca116e516883fcc46b8f5212
SHA512

7402732e6ac7dce6ae91f03a63c621d24e5263fa3c65d69aae1e6adb868dacba36082ee4d6d0fea37a31f2875b4c2eb7456cb1c7ba8f93d3668cad46f2ce05b6
SSDEEP

98304:KybQ5fkA+XPwPaIL0Kn3xBqFhimSIACifrxFLOAkGkzdnEVomFHKnPsH:3QEXP7smSIACiDxFLOyomFHKnPsH

Score

8^/10

discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

4808c357a28c46069aa76819a383fa03d4083307ca116e516883fcc46b8f5212.dll

Resource

win7-20240704-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

4808c357a28c46069aa76819a383fa03d4083307ca116e516883fcc46b8f5212.dll

Resource

win10v2004-20240802-en

discovery persistence privilege_escalation

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  4808c357a28c46069aa76819a383fa03d4083307ca116e516883fcc46b8f5212
- Size
  
  3.5MB
- MD5
  
  9ec0d6b157cad4cb24a73c5fe25f5741
- SHA1
  
  96f6fca560d26c8f8706a407a03e7ce414caa67c
- SHA256
  
  4808c357a28c46069aa76819a383fa03d4083307ca116e516883fcc46b8f5212
- SHA512
  
  7402732e6ac7dce6ae91f03a63c621d24e5263fa3c65d69aae1e6adb868dacba36082ee4d6d0fea37a31f2875b4c2eb7456cb1c7ba8f93d3668cad46f2ce05b6
- SSDEEP
  
  98304:KybQ5fkA+XPwPaIL0Kn3xBqFhimSIACifrxFLOAkGkzdnEVomFHKnPsH:3QEXP7smSIACiDxFLOyomFHKnPsH
Score

8^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy