058d25ce84db98038da1137a47b95778ec4ddf360af19cbb4dd95687d03875e2 | Triage

Sharing

General

Target

2024-08-19_1ef4967fef53a3a587bf37c71bd1d2d3_ryuk
Size

1.7MB
Sample

240819-19yd9ssgjr
MD5

1ef4967fef53a3a587bf37c71bd1d2d3
SHA1

0a56012fd9c13f92b9967c736659489b4b0ebdd2
SHA256

058d25ce84db98038da1137a47b95778ec4ddf360af19cbb4dd95687d03875e2
SHA512

07698d67f0ac208124c0cdb320aff2b781e62fe9c0f6b800cddedc93e1367dbdaeba90b73d7f5d360bddb60ee2adb1f42ae76654e824a660796a506d95be3f59
SSDEEP

24576:3iBE0zqwXeAVmYZsqjnhMgeiCl7G0nehbGZpbD:je5Xe6XdDmg27RnWGj

Score

7^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  2024-08-19_1ef4967fef53a3a587bf37c71bd1d2d3_ryuk
- Size
  
  1.7MB
- MD5
  
  1ef4967fef53a3a587bf37c71bd1d2d3
- SHA1
  
  0a56012fd9c13f92b9967c736659489b4b0ebdd2
- SHA256
  
  058d25ce84db98038da1137a47b95778ec4ddf360af19cbb4dd95687d03875e2
- SHA512
  
  07698d67f0ac208124c0cdb320aff2b781e62fe9c0f6b800cddedc93e1367dbdaeba90b73d7f5d360bddb60ee2adb1f42ae76654e824a660796a506d95be3f59
- SSDEEP
  
  24576:3iBE0zqwXeAVmYZsqjnhMgeiCl7G0nehbGZpbD:je5Xe6XdDmg27RnWGj
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistenceprivilege_escalation