Overview

overview

7

Static

static

1

!#Fileş_#...__.zip

windows11-21h2-x64

7

Resubmissions

28/09/2024, 14:19

240928-rmwgqasgjf 7

28/09/2024, 14:14

240928-rkbdrszdkp 1

Sharing

Copy URL Twitter E-mail

General

  • Target

    !#Fileş_#!UŞe~Passw0rd__~.~280913~.~__.zip

  • Size

    24.1MB

  • Sample

    240928-rmwgqasgjf

  • MD5

    335525f49d800b6ebc09f4d1eb23b40d

  • SHA1

    6af121fae4162f9bb8c5af37b569e8d93443574b

  • SHA256

    107ce79e3e9a756363ae8dcaba99a48c5abd71e2d8c2518fd54f9215e11b5e49

  • SHA512

    31e473fcf0563d15dfd099e44bb508edbbe39284929a00ed08d797763f8d1ceda934adcc77855fdb03b3564f291695bfcee85a102cd43ee6833a169535132834

  • SSDEEP

    393216:HbthqBSV7ywWuMP7+PEnenSyRoNJoTb4ptLRPVxFg7UqCP9YBR6iSd1NS2yp5x:Hx0PpuMP7+BnSjNCovLRd33qCPURbBdj

Score
7/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      !#Fileş_#!UŞe~Passw0rd__~.~280913~.~__.zip

    • Size

      24.1MB

    • MD5

      335525f49d800b6ebc09f4d1eb23b40d

    • SHA1

      6af121fae4162f9bb8c5af37b569e8d93443574b

    • SHA256

      107ce79e3e9a756363ae8dcaba99a48c5abd71e2d8c2518fd54f9215e11b5e49

    • SHA512

      31e473fcf0563d15dfd099e44bb508edbbe39284929a00ed08d797763f8d1ceda934adcc77855fdb03b3564f291695bfcee85a102cd43ee6833a169535132834

    • SSDEEP

      393216:HbthqBSV7ywWuMP7+PEnenSyRoNJoTb4ptLRPVxFg7UqCP9YBR6iSd1NS2yp5x:Hx0PpuMP7+BnSjNCovLRd33qCPURbBdj

    Score
    7/10
    discoverypersistenceprivilege_escalation

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

4
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks