d52d424ce932e11fd80a426d866dd83de463b6b403750801acd871b706327a39 | Triage

Sharing

General

Target

ipts.7z
Size

42.0MB
Sample

240811-pl1zpsyhqp
MD5

e008dd5d08710143026f8cd79111b1af
SHA1

dc24abd2d9cfeb6a9d718dc41491b0758a1b9d32
SHA256

d52d424ce932e11fd80a426d866dd83de463b6b403750801acd871b706327a39
SHA512

97665c0d8c10fd953405e54eca9662bfd2905caba2949f34dbf2133c304d41eb7be4bbf6ca9d7884e8c54aee6e9e349a12013145ef248daa24e658b5d4471119
SSDEEP

786432:EKUu9Oiq0RnRcAS1LdvSiWjU4nLMjkMjE61pXqMdljceAit97P:EKpO09RcAWvSrzMVFyitd

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  ipts.7z
- Size
  
  42.0MB
- MD5
  
  e008dd5d08710143026f8cd79111b1af
- SHA1
  
  dc24abd2d9cfeb6a9d718dc41491b0758a1b9d32
- SHA256
  
  d52d424ce932e11fd80a426d866dd83de463b6b403750801acd871b706327a39
- SHA512
  
  97665c0d8c10fd953405e54eca9662bfd2905caba2949f34dbf2133c304d41eb7be4bbf6ca9d7884e8c54aee6e9e349a12013145ef248daa24e658b5d4471119
- SSDEEP
  
  786432:EKUu9Oiq0RnRcAS1LdvSiWjU4nLMjkMjE61pXqMdljceAit97P:EKpO09RcAWvSrzMVFyitd
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

discoverypersistenceprivilege_escalation