General
  Target: lolhahahackerwowohnoo.zip
  Size: 356KB
  Sample: 240811-qa7hsavdph
  MD5: 99b1634b16aa0114a2a4034f89374ab2
  SHA1: ba0fa3a7c86d5beb626fd4ff9bdb3ef19aa07f36
  SHA256: 0dd46341ec484a9634677c19ce94f04287f2f288c7bf4b751e0ca28a569986a2
  SHA512: 19e1a0079fbf4beb68c856bf8728b094b8cd193e97b115af9f51f6b08481d8f32c1b2029649713685bb608dc1d2bb3d13cb398fb6607cf5a4cfa02b7877a752b
  SSDEEP: 6144:e7gIXyojWkYhSlOipmMdb+BKqV8tj8axlWPpXD37mP9uL1+aUBejerUGOI2ta:+nvfqK8aDANy/h
Static task
  static1

Behavioral task
  behavioral1
  Sample: lolhahahackerwowohnoo/hello.bat
  Resource: win7-20240729-en

Behavioral task
  behavioral2
  Sample: lolhahahackerwowohnoo/hello.bat
  Resource: win10v2004-20240802-en
Malware Config

Targets
  Target: lolhahahackerwowohnoo/hello.bat
  Size: 2KB
  MD5: d51621e27667aad9fa339cc33b26cc52
  SHA1: 6cbc2853cabf7f8b7fcd23c8f3ae10b3022b743a
  SHA256: f01291a8fcde83ba8e8cf48b30491bd0cb49d4ff8f3a3a029094032a13d71305
  SHA512: 7a22494286a251945e7b1a735398be09105cd361aed033b0350bdecfd75e63d578513e20bf02a599b0ec616ece40254ed44c83ef4f7e18ab2b9de41c82a0bb82
  - Modifies visibility of file extensions in Explorer
  - Blocklisted process makes network request
  - Boot or Logon Autostart Execution: Active Setup
    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  - Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  - Drops startup file
  - Event Triggered Execution: Component Object Model Hijacking
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system executable filetype association
  - System Binary Proxy Execution: Rundll32
    Abuses Rundll32 to proxy execution of malicious code.
  - Adds Run key to start application
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Drops desktop.ini file(s)
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  - Checks system information in the registry
    System information is often read in order to detect sandboxing environments.
  - Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (2)
    Change Default File Association (1)
    Component Object Model Hijacking (1)

Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (2)
    Change Default File Association (1)
    Component Object Model Hijacking (1)

Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (8)
  System Binary Proxy Execution (1)
    Rundll32 (1)