General
-
Target
8e2b4a06579743d83b1732bf69073bb8201046f7b4ffffbd5567a42faec38c8a
-
Size
1.5MB
-
Sample
240818-enf27svamc
-
MD5
360afa4681dca1042ea3ab1fbbe6279b
-
SHA1
090c947acf423738fbeda5c2daa9d6970b8fb213
-
SHA256
8e2b4a06579743d83b1732bf69073bb8201046f7b4ffffbd5567a42faec38c8a
-
SHA512
7869affd1ffd531236c55296e6eb0d1b82434a34599bf764e6b98d297b3aa3bfd84fbda738892fd894e1d579586f077219d0f68372b0d824f8d92ea247657907
-
SSDEEP
24576:sXYi1f9w46vCc0jQtMKMb+AS3MmMrvD1GoWoK6Q:soi1f9y21qZMr9WP
Static task
static1
Behavioral task
behavioral1
Sample
8e2b4a06579743d83b1732bf69073bb8201046f7b4ffffbd5567a42faec38c8a.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
8e2b4a06579743d83b1732bf69073bb8201046f7b4ffffbd5567a42faec38c8a.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
8e2b4a06579743d83b1732bf69073bb8201046f7b4ffffbd5567a42faec38c8a
-
Size
1.5MB
-
MD5
360afa4681dca1042ea3ab1fbbe6279b
-
SHA1
090c947acf423738fbeda5c2daa9d6970b8fb213
-
SHA256
8e2b4a06579743d83b1732bf69073bb8201046f7b4ffffbd5567a42faec38c8a
-
SHA512
7869affd1ffd531236c55296e6eb0d1b82434a34599bf764e6b98d297b3aa3bfd84fbda738892fd894e1d579586f077219d0f68372b0d824f8d92ea247657907
-
SSDEEP
24576:sXYi1f9w46vCc0jQtMKMb+AS3MmMrvD1GoWoK6Q:soi1f9y21qZMr9WP
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Disables RegEdit via registry modification
Sets the DisableRegistryTools policy value so that regedit.exe refuses to start, hindering manual inspection and repair of the registry.
-
Event Triggered Execution: Image File Execution Options Injection
A Debugger value under the Image File Execution Options key makes Windows launch the configured program whenever the named executable starts, giving the sample persistence and, where the hijacked executable runs as SYSTEM, elevated execution.
-
Indicator Removal: Network Share Connection Removal
Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.
-
Possible privilege escalation attempt
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Adversaries may change Windows file or directory ACLs (for example with icacls, cacls or takeown) to gain access to protected files or to protect their own.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
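The signatures above are what a sandbox raises from raw telemetry; the following is an added example, not code from the report or from the sandbox, of a small triage rule set that maps constructed process, registry and raw-disk events to the same signatures and ATT&CK IDs. The registry paths, tool names and command lines are the well-known locations each technique touches, not values recovered from this sample; the ATT&CK section of the report lists Accessibility Features beside IFEO injection, which is consistent with a Debugger value on an accessibility binary such as sethc.exe, so the example tags that case too, but the report does not say which executable this sample actually hijacks and the sethc.exe event is constructed.

```python
"""Triage rule set for the behaviour signatures listed in this report.

Added example, not part of the sandbox report or its tooling. The Event records
in SAMPLE_EVENTS are constructed, hypothetical telemetry (process command lines,
registry value writes, raw file writes) in the shape an EDR or sandbox emits; the
registry paths and tool names are the well-known locations each technique
touches, not values recovered from this sample.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Well-known locations/tools behind each signature (not sample-specific).
IFEO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
POLICY_SYSTEM = r"\Software\Microsoft\Windows\CurrentVersion\Policies\System"
ACCESSIBILITY_BINARIES = {"sethc.exe", "utilman.exe", "osk.exe", "magnify.exe",
                          "narrator.exe", "displayswitch.exe", "atbroker.exe"}
ADMIN_GROUP_RE = re.compile(r'\bnet1?(?:\.exe)?"?\s+localgroup\s+administrators\b.*\s/add\b', re.I)
SHARE_DELETE_RE = re.compile(r'\bnet1?(?:\.exe)?"?\s+use\s+.*\s/delete\b', re.I)
ACL_TOOL_RE = re.compile(r"\b(?:icacls|cacls|takeown)(?:\.exe)?\b", re.I)
RAW_DISK_RE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)


@dataclass
class Event:
    kind: str       # "process" (command line), "registry" (value path) or "file" (path)
    target: str
    data: str = ""  # registry data, or byte offset for file writes


@dataclass
class Finding:
    signature: str
    technique: str  # ATT&CK technique ID
    event: Event


def classify(ev: Event) -> list[Finding]:
    """Return every signature a single event triggers (one event may trigger several)."""
    hits: list[Finding] = []
    t = ev.target
    if ev.kind == "process":
        if ADMIN_GROUP_RE.search(t):
            hits.append(Finding("Grants admin privileges", "T1098", ev))
        if SHARE_DELETE_RE.search(t):
            hits.append(Finding("Indicator Removal: Network Share Connection Removal", "T1070.005", ev))
        if ACL_TOOL_RE.search(t):
            hits.append(Finding("File and Directory Permissions Modification", "T1222.001", ev))
    elif ev.kind == "registry":
        low = t.lower()
        if low.startswith(IFEO_KEY.lower()) and low.endswith(r"\debugger"):
            hits.append(Finding("Event Triggered Execution: Image File Execution Options Injection", "T1546.012", ev))
            # A Debugger value on an accessibility binary is the classic
            # sethc/utilman hijack, which ATT&CK also files under T1546.008.
            if t.split("\\")[-2].lower() in ACCESSIBILITY_BINARIES:
                hits.append(Finding("Event Triggered Execution: Accessibility Features", "T1546.008", ev))
        if low.endswith((POLICY_SYSTEM + r"\DisableRegistryTools").lower()) and ev.data.strip() in ("1", "0x1"):
            hits.append(Finding("Disables RegEdit via registry modification", "T1112", ev))
    elif ev.kind == "file":
        # A raw write at offset 0 of a physical disk overwrites the MBR sector.
        if RAW_DISK_RE.match(t) and ev.data == "0":
            hits.append(Finding("Writes to the Master Boot Record (MBR)", "T1542.003", ev))
    return hits


def triage(events: list[Event]) -> list[Finding]:
    return [f for ev in events for f in classify(ev)]


SAMPLE_EVENTS = [  # constructed telemetry, not from the sandbox run
    Event("process", r'"C:\Windows\System32\net.exe" localgroup administrators user1 /add'),
    Event("registry", IFEO_KEY + r"\sethc.exe\Debugger", r"C:\Windows\System32\cmd.exe"),
    Event("registry", "HKCU" + POLICY_SYSTEM + r"\DisableRegistryTools", "1"),
    Event("process", r"net use \\fileserver\share /delete /y"),
    Event("process", r'icacls "C:\Users\user1\Documents" /deny Everyone:(OI)(CI)F'),
    Event("file", r"\\.\PhysicalDrive0", "0"),
    Event("process", r"C:\Windows\System32\notepad.exe"),  # benign control, no hits
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.technique:<10} {f.signature}: {f.event.target}")
```

The rules are deliberately narrow (a Debugger value must sit directly under the IFEO key, DisableRegistryTools must actually be set to 1, the disk write must be at offset 0) so that a benign command line such as the notepad.exe control produces nothing; on a real host the same checks would be fed from EDR or Sysmon events rather than the constructed list.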
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation (T1098): 1
Event Triggered Execution (T1546): 2
  Accessibility Features (T1546.008): 1
  Image File Execution Options Injection (T1546.012): 1
Pre-OS Boot (T1542): 1
  Bootkit (T1542.003): 1
Privilege Escalation
Account Manipulation (T1098): 1
Event Triggered Execution (T1546): 2
  Accessibility Features (T1546.008): 1
  Image File Execution Options Injection (T1546.012): 1
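The "Writes to the Master Boot Record (MBR)" signature and the Pre-OS Boot: Bootkit mapping are the one behaviour in this report that survives a reinstall of the operating system, so the natural follow-up on an affected host is to pull the first sector and compare it with a known-good copy. The following is an added example, not part of the report or the sandbox, of that check: it parses the 512-byte sector, verifies the 0x55AA boot signature, decodes the partition table and hashes the boot-code region against a baseline. On a live Windows host the sector would be read from \\.\PhysicalDrive0 as administrator; to run offline the block instead builds a constructed clean MBR (a few plausible loader opcodes, not a real loader), takes its boot-code hash as the baseline, and checks a tampered copy whose boot code was replaced while the partition table was kept, which is the shape of change a bootkit makes so that the system still boots.

```python
r"""Check a 512-byte Master Boot Record against a known-good baseline.

Added example, not from the sandbox report. On a live Windows host the sector
comes from open(r"\\.\PhysicalDrive0", "rb").read(512), which needs
administrator rights; here both sectors are constructed so the check runs
offline.
"""
from __future__ import annotations

import hashlib
import struct

BOOTCODE_LEN = 446          # bytes 0..445: boot code (the part a bootkit replaces)
PARTITION_TABLE_OFF = 446   # four 16-byte partition entries follow the boot code
PARTITION_ENTRY_LEN = 16
SIGNATURE_OFF = 510
MBR_SIGNATURE = b"\x55\xAA"
# status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little endian
PARTITION_ENTRY_FMT = "<B3xB3xII"


def parse_partitions(mbr: bytes) -> list[dict]:
    """Decode the non-empty entries of the partition table."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + i * PARTITION_ENTRY_LEN
        status, ptype, lba_start, sectors = struct.unpack_from(PARTITION_ENTRY_FMT, mbr, off)
        if ptype != 0:
            entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(mbr: bytes, baseline_bootcode_sha256: str) -> dict:
    """Report whether the sector is structurally valid and whether its boot code matches the baseline."""
    if len(mbr) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    bootcode_sha256 = hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()
    return {
        "signature_ok": mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == MBR_SIGNATURE,
        "bootcode_sha256": bootcode_sha256,
        "bootcode_modified": bootcode_sha256 != baseline_bootcode_sha256,
        "partitions": parse_partitions(mbr),
    }


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed MBR: the given boot code, one bootable NTFS (0x07) partition at LBA 2048, 0x55AA."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("boot code does not fit in 446 bytes")
    mbr = bytearray(512)
    mbr[:len(bootcode)] = bootcode
    struct.pack_into(PARTITION_ENTRY_FMT, mbr, PARTITION_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] = MBR_SIGNATURE
    return bytes(mbr)


# Constructed stand-ins: the "clean" boot code is a few plausible x86 loader
# opcodes padded with NOPs, not a real loader; the "tampered" copy keeps the
# same partition table but carries different boot code.
CLEAN_MBR = build_sample_mbr(b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 100)
BASELINE_HASH = hashlib.sha256(CLEAN_MBR[:BOOTCODE_LEN]).hexdigest()
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE" + b"\x00" * 200)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        r = check_mbr(sector, BASELINE_HASH)
        print(name, "signature_ok=%s bootcode_modified=%s partitions=%d"
              % (r["signature_ok"], r["bootcode_modified"], len(r["partitions"])))
```

The point of hashing only the first 446 bytes is that a bootkit keeps the partition table and signature intact (otherwise the machine would not boot), so a whole-sector comparison against a baseline taken after a later legitimate partition change would produce false positives while the boot-code hash stays meaningful; the baseline should come from the same machine image or from a known-good copy of the same boot manager.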