General
-
Target
Copy of Code.Org Express Course JOURNAL - HEADPHONES! (F24) (1).docx
-
Size
18KB
-
Sample
240829-tkq6bszdpa
-
MD5
17134e9f6e31ef3c53db6e3a24a66e4f
-
SHA1
04db173e3b73f77e75ceaa0a0caa9f46b1911962
-
SHA256
f38c426db4d86cb1ba9ad4c7b4e76ecc05c31f9259ff1a99d0c73d723df2085d
-
SHA512
894119cfed7846068945ece2a0ded183bbf3746fb22111035207c6e13453de0e2d0cc63ebaa63bd2f224a56423e5aad26ff0aaf5c51dd0755244d1b4eba69228
-
SSDEEP
384:t8xuk1eihiO/Plp3VlgvQvoBQY8SiFhkTU8p7Icfp7neEn9lfida:iuseihislplmvMoaY8joU8p7XfpKE+4
Static task
static1
Behavioral task
behavioral1
Sample
Copy of Code.Org Express Course JOURNAL - HEADPHONES! (F24) (1).docx
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
Copy of Code.Org Express Course JOURNAL - HEADPHONES! (F24) (1).docx
-
Size
18KB
-
MD5
17134e9f6e31ef3c53db6e3a24a66e4f
-
SHA1
04db173e3b73f77e75ceaa0a0caa9f46b1911962
-
SHA256
f38c426db4d86cb1ba9ad4c7b4e76ecc05c31f9259ff1a99d0c73d723df2085d
-
SHA512
894119cfed7846068945ece2a0ded183bbf3746fb22111035207c6e13453de0e2d0cc63ebaa63bd2f224a56423e5aad26ff0aaf5c51dd0755244d1b4eba69228
-
SSDEEP
384:t8xuk1eihiO/Plp3VlgvQvoBQY8SiFhkTU8p7Icfp7neEn9lfida:iuseihislplmvMoaY8joU8p7XfpKE+4
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Remote Service Session Hijacking: RDP Hijacking
Adversaries may hijack a legitimate user's remote desktop session to move laterally within an environment.
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Password Policy Discovery
Attempt to access detailed information about the password policy used within an enterprise network.
-
Hide Artifacts: Hidden Users
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Safe Mode Boot
1Hide Artifacts
3Hidden Files and Directories
2Hidden Users
1Modify Registry
2Discovery
Query Registry
3Peripheral Device Discovery
1System Information Discovery
3Password Policy Discovery
1Browser Information Discovery
1Permission Groups Discovery
1Local Groups
1System Location Discovery
1System Language Discovery
1