3e5e23c0adf484b96a726f9ecdbd4a3089ad7f8979329616b73e521825e183ae | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Screenshot...PM.png

windows7-x64

8

Screenshot...PM.png

windows10-2004-x64

3

Resubmissions

07-10-2024 19:03

241007-xqldtavhra 6

27-09-2024 23:46

240927-3samzsybkf 8

27-09-2024 23:14

240927-28aggsxbnh 10

27-09-2024 23:12

240927-26vpmsvbjk 8

27-09-2024 20:13

240927-yzes3axdnk 8

27-09-2024 20:12

240927-yy349sxdmm 3

27-09-2024 20:10

240927-yxq4bazcma 3

27-09-2024 20:02

240927-yr5drazaqf 8

27-09-2024 19:59

240927-yqh45axamm 3

27-09-2024 19:56

240927-ynwx7swhll 3

Sharing

General

Target

Screenshot 2024-09-24 2.11.17 PM.png
Size

45KB
Sample

240927-yzes3axdnk
MD5

578c76503d19e73f7a935cdfb1a4108e
SHA1

74644b49ebeb844cfa821fe70251f8e56ac6e112
SHA256

3e5e23c0adf484b96a726f9ecdbd4a3089ad7f8979329616b73e521825e183ae
SHA512

52b1cb29234be0e46a90cc26f8ac9ad6ff45887f80fbaf20da53bce7c9530111778317aaa393e6e94fe97f3f15372a0de869f709e768f278bd74ba989599ca0d
SSDEEP

768:54PXdrAREaTeqsZ+93ArVC7UpbJss0JAKEKFXsojUIFI5A29+FKn2g5Fh2O:54Pa1swmfNIOKEKSY29tnxhz

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

Screenshot 2024-09-24 2.11.17 PM.png

Resource

win7-20240903-en

discovery evasion persistence privilege_escalation trojan

windows7-x64

27 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Screenshot 2024-09-24 2.11.17 PM.png

Resource

win10v2004-20240802-en

windows10-2004-x64

10 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Screenshot 2024-09-24 2.11.17 PM.png
- Size
  
  45KB
- MD5
  
  578c76503d19e73f7a935cdfb1a4108e
- SHA1
  
  74644b49ebeb844cfa821fe70251f8e56ac6e112
- SHA256
  
  3e5e23c0adf484b96a726f9ecdbd4a3089ad7f8979329616b73e521825e183ae
- SHA512
  
  52b1cb29234be0e46a90cc26f8ac9ad6ff45887f80fbaf20da53bce7c9530111778317aaa393e6e94fe97f3f15372a0de869f709e768f278bd74ba989599ca0d
- SSDEEP
  
  768:54PXdrAREaTeqsZ+93ArVC7UpbJss0JAKEKFXsojUIFI5A29+FKn2g5Fh2O:54Pa1swmfNIOKEKSY29tnxhz
Score

8^/10

discovery evasion persistence privilege_escalation trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

© 2018-2025

Terms | Privacy