20fe6a586148109a4e9ebdedcb688a06d30fa8cf63380cce84584acc4865c986 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

WordMat130.exe

windows10-1703-x64

WordMat130.exe

windows10-2004-x64

4

Sharing

General

Target

WordMat130.exe
Size

179.8MB
Sample

240819-hb9ersygqa
MD5

50862563aa624426b06689a483519a7c
SHA1

bb4a2003ed06bb6c97854fdfe5f306fa12e974cb
SHA256

20fe6a586148109a4e9ebdedcb688a06d30fa8cf63380cce84584acc4865c986
SHA512

540a3b0086f4f70dc6900266f8408551e02ce0443cdb131f89d1f3cea9fba6614b39eddf348e485501c7757d57696dec383a41a41a90c47b9c46d3d1e3498858
SSDEEP

3145728:6iGM5vKvhGo8aDbXRvxbbmSFNYgfXQwSrcW0y1ojlT5AiBMYqxZtzo:NGYviHpvJaScICrqyy8iBMlt8

Score

7^/10

discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

WordMat130.exe

Resource

win10-20240404-en

discovery persistence privilege_escalation

windows10-1703-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

WordMat130.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  WordMat130.exe
- Size
  
  179.8MB
- MD5
  
  50862563aa624426b06689a483519a7c
- SHA1
  
  bb4a2003ed06bb6c97854fdfe5f306fa12e974cb
- SHA256
  
  20fe6a586148109a4e9ebdedcb688a06d30fa8cf63380cce84584acc4865c986
- SHA512
  
  540a3b0086f4f70dc6900266f8408551e02ce0443cdb131f89d1f3cea9fba6614b39eddf348e485501c7757d57696dec383a41a41a90c47b9c46d3d1e3498858
- SSDEEP
  
  3145728:6iGM5vKvhGo8aDbXRvxbbmSFNYgfXQwSrcW0y1ojlT5AiBMYqxZtzo:NGYviHpvJaScICrqyy8iBMlt8
Score

7^/10

discovery persistence privilege_escalation
- Drops startup file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

© 2018-2024

Terms | Privacy