b44edf50616943f8a2b94e5ca860ccf5f628db03c2bd0e3bec341539f1bbe0ca | Triage

Sharing

General

Target

PermSpoofer.exe
Size

669KB
Sample

240812-cakgcszcpr
MD5

8eb70959830bbe2a7d2fff2d1a361a8f
SHA1

09f115500da658766c31588c0beaa9b96b99f645
SHA256

b44edf50616943f8a2b94e5ca860ccf5f628db03c2bd0e3bec341539f1bbe0ca
SHA512

872838a53c90ccf2fbfd2b1429ed0a8066dfc5fe761a44ba0647ecbcced8ca9fe7f1620f9fede0bafcdadc7d6ec05e4146121f76a5882b830cbe1ef4ef08f78d
SSDEEP

12288:uL9TxTU252j76IdIEjmo1LtnMqE51S9VWqjD:CTUq2vOEjmohtMqy9sD

Score

8^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  PermSpoofer.exe
- Size
  
  669KB
- MD5
  
  8eb70959830bbe2a7d2fff2d1a361a8f
- SHA1
  
  09f115500da658766c31588c0beaa9b96b99f645
- SHA256
  
  b44edf50616943f8a2b94e5ca860ccf5f628db03c2bd0e3bec341539f1bbe0ca
- SHA512
  
  872838a53c90ccf2fbfd2b1429ed0a8066dfc5fe761a44ba0647ecbcced8ca9fe7f1620f9fede0bafcdadc7d6ec05e4146121f76a5882b830cbe1ef4ef08f78d
- SSDEEP
  
  12288:uL9TxTU252j76IdIEjmo1LtnMqE51S9VWqjD:CTUq2vOEjmohtMqy9sD
Score

8^/10

persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Loads dropped DLL
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation