d4af95b68b43d3acde22117bb13c95dace146531f5493a707150506ae6817221 | Triage

Resubmissions

21/08/2024, 09:43

240821-lpwyda1fla 7

Sharing

Copy URL Twitter E-mail

General

Target

SoundPad.rar
Size

7.1MB
Sample

240821-lpwyda1fla
MD5

b8b3a1cf6b3efeb8831d23e15a98b4f7
SHA1

55f3527143c0346a1c5c177494582d9726035674
SHA256

d4af95b68b43d3acde22117bb13c95dace146531f5493a707150506ae6817221
SHA512

6d8cc51903cb6a6926ea3aa3c71f47abc9d01d5aa60fca86150c0d583bdaf40b8716a6d93763ba4f7681c2afd65042ca4791a0b6dd06f937386073938e25d5a0
SSDEEP

196608:fd012erwKnFdZlG7ztokhybpq+rlr6czvqRLoVW:f3ozZlGPryprlrdzCRL/

Score

7^/10

persistence privilege_escalation upx

Malware Config

Targets

- Target
  
  SoundPad.rar
- Size
  
  7.1MB
- MD5
  
  b8b3a1cf6b3efeb8831d23e15a98b4f7
- SHA1
  
  55f3527143c0346a1c5c177494582d9726035674
- SHA256
  
  d4af95b68b43d3acde22117bb13c95dace146531f5493a707150506ae6817221
- SHA512
  
  6d8cc51903cb6a6926ea3aa3c71f47abc9d01d5aa60fca86150c0d583bdaf40b8716a6d93763ba4f7681c2afd65042ca4791a0b6dd06f937386073938e25d5a0
- SSDEEP
  
  196608:fd012erwKnFdZlG7ztokhybpq+rlr6czvqRLoVW:f3ozZlGPryprlrdzCRL/
Score

3^/10
behavioral1
- Target
  
  Soundpad.exe
- Size
  
  10.9MB
- MD5
  
  0ae4f60d72e0d1c159505500b8a08ebb
- SHA1
  
  bb352dafd3c3ebebb4414b799010fe5ebddbef44
- SHA256
  
  ed3371229647ef876b45cb5940e48b461df58d4e68ad4932f5877eba90c8d379
- SHA512
  
  88495911df544a04a4e09828ae10b57d3d945c41d6e28964c2d4d077afa43fec1c82a8ff6dcce57a3c7b9e5d02d1e47f800f557b022866f5f7be4a2db9b07536
- SSDEEP
  
  196608:fDRlger67uOemwy1LR/XU3gmsRM0wWM+wC89ooEvu:UerSwAVE3XsRMiJpsf
Score

7^/10

persistence privilege_escalation upx
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistenceprivilege_escalationupx