26d4e9f29b48a8dda6fef47e30269e9564122387348e426c0b8f8b36e77e89c5 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

punkt.py

windows10-1703-x64

8

Resubmissions

29/08/2024, 19:50

240829-ykff2szenm 8

29/08/2024, 19:50

240829-yj75nsyalf 3

29/08/2024, 19:49

240829-yjyw1ayakg 3

29/08/2024, 19:48

240829-yh42maxhrc 3

29/08/2024, 19:47

240829-yhp8gazdrk 3

29/08/2024, 19:46

240829-yg1mtazdpj 3

Sharing

Copy URL Twitter E-mail

General

Target

punkt.py
Size

678B
Sample

240829-ykff2szenm
MD5

d7932611c7c7fd90ededb5d3b8b73d09
SHA1

c7059ce0693aeea1f491dd369ee539dd58e60aba
SHA256

26d4e9f29b48a8dda6fef47e30269e9564122387348e426c0b8f8b36e77e89c5
SHA512

fdf679230d49e228610b7ae24ea14af7597c6cdc9b3ae45c3c87cc476f43f33b99b8abe331d300690f8f370758d67820f8ae1c195c3bf21f9d1e0da006605736

Score

8^/10

discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

punkt.py

Resource

win10-20240404-en

discovery persistence privilege_escalation

windows10-1703-x64

30 signatures

150 seconds

Malware Config

Targets

- Target
  
  punkt.py
- Size
  
  678B
- MD5
  
  d7932611c7c7fd90ededb5d3b8b73d09
- SHA1
  
  c7059ce0693aeea1f491dd369ee539dd58e60aba
- SHA256
  
  26d4e9f29b48a8dda6fef47e30269e9564122387348e426c0b8f8b36e77e89c5
- SHA512
  
  fdf679230d49e228610b7ae24ea14af7597c6cdc9b3ae45c3c87cc476f43f33b99b8abe331d300690f8f370758d67820f8ae1c195c3bf21f9d1e0da006605736
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy