662989d40ce8865042f68aaf3f831cba019a74090a36471077f7b51d2f5989c1 | Triage

Sharing

General

Target

ffff.rar
Size

5.2MB
Sample

240821-lx6sjssape
MD5

2f1076300e4ad02d2d43985f4a55def9
SHA1

e2acda003a7980edf81ee4925ecc73a8deae3245
SHA256

662989d40ce8865042f68aaf3f831cba019a74090a36471077f7b51d2f5989c1
SHA512

7521344afa848a025f14a60f4648fe24bc1f152d897c77598f4d680dc64e11b0e1f8683232dfce02d846a6c0d256628e37c091f46d60425a16984b4fc6230eed
SSDEEP

98304:pP8US8h0T/tuX3buU6Sq4eEEOTfKf7MX4AcsV2GjqA8ea8O82+xxZUgLhQeRgWiG:pPXh0qrNqDEpTC5MJqA8eaMDLhQGUF5+

Score

5^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  Soundpad.exe
- Size
  
  11.6MB
- MD5
  
  ecdde99f36da416560e91f7c9f97b390
- SHA1
  
  7957c54b11b2318e897b673bcc6aeafc92ac39c8
- SHA256
  
  0b6f4d707649f9913257c50692f86f79b7e942ea0eef2eaa30b53702a63621c7
- SHA512
  
  9ad6b5085cc12593c5c8dd094743d4e73b0693487f04f89705eb1ea09f057f4b5e1f4b2d03bd3b79b38074590c7bd75acd5484f878e1627a43549ebb3b38dcf5
- SSDEEP
  
  196608:8qELu/h0xDDF4ppftCyh+DdaIuqFkKz/1xqh0T0Q:87a/h0JF4ppsyh+DyQ
Score

5^/10

persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2
- Target
  
  SoundpadService.exe
- Size
  
  555KB
- MD5
  
  511cd2c53ce1cb609b6128ffc98481f9
- SHA1
  
  63c6d7f910c2019dfedf39e912aee3ffa7e1adf3
- SHA256
  
  c1f862142c7a6cb1afc8a578a709d0853f0748e3b7a91aee85b85b5ca2244bb8
- SHA512
  
  79f0be1ccb2a633b1471488f1ef3d2629930c586cc01e5a385d9c33b8fd4c4cd10c72703d7e043e109d685a230e2a94f0f1e1ebb8e2adf662b5af19cabda4cf9
- SSDEEP
  
  12288:lVAJlJJnLICwzhGGifgrPLaMG5LAdRk9k9:lVKa8EPLav5V9k9
Score

1^/10
behavioral3 behavioral4
- Target
  
  TTS.dll
- Size
  
  161KB
- MD5
  
  e47c48e74f86f24658a4deb4b868f663
- SHA1
  
  7bf35f6d6a43c1a4c7866f8fccce95a4abb82dfb
- SHA256
  
  10c676ce80a159a3913a6f54273b3b44a06ef52397cbd0b8addf5a622a060e3f
- SHA512
  
  b6bead091464fe521dc2253f0451a729882b1468068aa8c6258250339d68ce073a51b8b7eb0cbda96540b89e51469702ff13c991f52c7c34ff988087c155a0f7
- SSDEEP
  
  3072:F7/6FDJOlH2esjvgnBUv3okpl4Yx5+Zv+dxqQ10z58EItVi25Qr6nlbSpcR:1/6FxesjvG+fokpqS+p+PqEtVi25I2VX
Score

1^/10
behavioral5 behavioral6
- Target
  
  UniteFx.dll
- Size
  
  584KB
- MD5
  
  232182083ec6ddf266b81811c1d26a3a
- SHA1
  
  ef8c258977752887a0e5d9688fccaf74cb53201d
- SHA256
  
  b7b8218f1c386cb5a703023b6f1871809dcb9a1cb981c7dc6538a4d4fd08272a
- SHA512
  
  e299e0bcfa46e21a718e5eb61b9b3f273ad8c4f5fcd4aa291045b43b62456e4893b37be76e14802ed011532ac914f42b00096d07b117e784f9f195b1380f70ad
- SSDEEP
  
  12288:3/TV7HfaCAl4SWjWOAPQMpWe3OiwOkUOyU0joatvRG1Gv3vKqR:3/TVbaCiXpWMOiXkn2tTvKqR
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8