7c720f30648e25e80bd2d9c1e294cf0511fa9a9bc888c1c454c02a6d753e9344 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

si9B7KU.exe

windows10-1703-x64

6

Sharing

Copy URL Twitter E-mail

General

Target

si9B7KU.exe
Size

4.5MB
Sample

240903-em43mswfnl
MD5

4110441bcce6304b69e739b0205f16cd
SHA1

3ab71b81c77a79e699b2e95c016ffd4f8eb529ce
SHA256

7c720f30648e25e80bd2d9c1e294cf0511fa9a9bc888c1c454c02a6d753e9344
SHA512

13a140666ebc63862d3cc66974e832fd660ea5c90b42575febf9724a925e907a82cce5ef7ea710896f954d65b6e5b4cf93a7cebddda0af12dfd472421ced5456
SSDEEP

98304:6YvxtyWyN1meRwiWD/gWguWoI2J783U5FsC3LDbkm:dbmmdiWfgxoIvC7Dom

Score

6^/10

discovery evasion persistence privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

si9B7KU.exe

Resource

win10-20240404-en

discovery evasion persistence privilege_escalation trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  si9B7KU.exe
- Size
  
  4.5MB
- MD5
  
  4110441bcce6304b69e739b0205f16cd
- SHA1
  
  3ab71b81c77a79e699b2e95c016ffd4f8eb529ce
- SHA256
  
  7c720f30648e25e80bd2d9c1e294cf0511fa9a9bc888c1c454c02a6d753e9344
- SHA512
  
  13a140666ebc63862d3cc66974e832fd660ea5c90b42575febf9724a925e907a82cce5ef7ea710896f954d65b6e5b4cf93a7cebddda0af12dfd472421ced5456
- SSDEEP
  
  98304:6YvxtyWyN1meRwiWD/gWguWoI2J783U5FsC3LDbkm:dbmmdiWfgxoIvC7Dom
Score

6^/10

discovery evasion persistence privilege_escalation trojan
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationtrojan

© 2018-2025

Terms | Privacy