229cfe6fd7e042b7b73d2cb84fb75f04778740d7f5dfc234850706a5f48ffb96 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

Peam.exe

windows7-x64

7

Peam.exe

windows10-1703-x64

7

Peam.exe

windows10-2004-x64

7

Peam.exe

windows11-21h2-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

Peam.exe
Size

20.6MB
Sample

240824-3pdkgawenb
MD5

66dd4a784a2f05ccde36c2aebd5ade99
SHA1

3e654231d413eed3bef307fa8aaf2377c9ccc934
SHA256

229cfe6fd7e042b7b73d2cb84fb75f04778740d7f5dfc234850706a5f48ffb96
SHA512

224b6611312cbfab62c2587d11ec7100246b655f0ce76a0c9f81b43fc6403d8a85b6c9f00ace3ff3c96fa799f8481a36495548e51848e3f00f61077e04d3cce6
SSDEEP

393216:Aq+Jsv6tWKFdu9C2KS1P7nEscpZr8LE10MT4xwGyxBKP1JztKuUyvUTAzayj+lhe:hP1nxcpZ9z4xsB4z/JvUTWZjlXykJ

Score

7^/10

discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

Peam.exe

Resource

win7-20240708-en

discovery persistence privilege_escalation

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

Peam.exe

Resource

win10-20240404-en

discovery persistence privilege_escalation

windows10-1703-x64

19 signatures

150 seconds

Behavioral task

behavioral3

Sample

Peam.exe

Resource

win10v2004-20240802-en

discovery persistence privilege_escalation

windows10-2004-x64

20 signatures

150 seconds

Behavioral task

behavioral4

Sample

Peam.exe

Resource

win11-20240802-en

discovery persistence privilege_escalation

windows11-21h2-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  Peam.exe
- Size
  
  20.6MB
- MD5
  
  66dd4a784a2f05ccde36c2aebd5ade99
- SHA1
  
  3e654231d413eed3bef307fa8aaf2377c9ccc934
- SHA256
  
  229cfe6fd7e042b7b73d2cb84fb75f04778740d7f5dfc234850706a5f48ffb96
- SHA512
  
  224b6611312cbfab62c2587d11ec7100246b655f0ce76a0c9f81b43fc6403d8a85b6c9f00ace3ff3c96fa799f8481a36495548e51848e3f00f61077e04d3cce6
- SSDEEP
  
  393216:Aq+Jsv6tWKFdu9C2KS1P7nEscpZr8LE10MT4xwGyxBKP1JztKuUyvUTAzayj+lhe:hP1nxcpZ9z4xsB4z/JvUTWZjlXykJ
Score

7^/10

discovery persistence privilege_escalation
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation

behavioral3

discoverypersistenceprivilege_escalation

behavioral4

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy