General
-
Target
https://drive.google.com/uc?id=1BBxQR1RioqaoNT1LBGJA99dWohXhm-Cj&export=download
-
Sample
240904-3fbphszbqc
Score
8/10
Malware Config
Targets
-
-
Target
https://drive.google.com/uc?id=1BBxQR1RioqaoNT1LBGJA99dWohXhm-Cj&export=download
Score8/10-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Modifies system executable filetype association
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Privilege Escalation
Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1