monster | a847324087308fe05cd8c19ca1ee914e7d524a8b19c395dc200e028c84e7ddeb | Triage

Submit
Reports

Overview

overview

Static

static

stub.exe

windows11-21h2-x64

8

Sharing

General

Target

stub.exe
Size

16.2MB
Sample

241010-waafyatdjp
MD5

90b4515d76785b508b14e92137c48b77
SHA1

dafee8b42f41fa3fddd2b2957366e3676c2e7faa
SHA256

a847324087308fe05cd8c19ca1ee914e7d524a8b19c395dc200e028c84e7ddeb
SHA512

85ce4cd1a0a2d415288407c9bc1766029e155d0f9f979452693fcbbe52c2ca0b0e60060b80bb690fad1af87e9c0f0174800f6d589192c86e3bec0fbf999bcf69
SSDEEP

98304:pGzmxiNHAYJx8qhHinWhBNU7A2qHnDNumZS5nViM6x9rlAhD4Ur5ETLpubgGg1J4:z+V2qHn85EnLpubTotN1rc0

Score

10^/10

monster defense_evasion discovery persistence privilege_escalation

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

stub.exe

Resource

win11-20241007-en

defense_evasion discovery persistence privilege_escalation

windows11-21h2-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  stub.exe
- Size
  
  16.2MB
- MD5
  
  90b4515d76785b508b14e92137c48b77
- SHA1
  
  dafee8b42f41fa3fddd2b2957366e3676c2e7faa
- SHA256
  
  a847324087308fe05cd8c19ca1ee914e7d524a8b19c395dc200e028c84e7ddeb
- SHA512
  
  85ce4cd1a0a2d415288407c9bc1766029e155d0f9f979452693fcbbe52c2ca0b0e60060b80bb690fad1af87e9c0f0174800f6d589192c86e3bec0fbf999bcf69
- SSDEEP
  
  98304:pGzmxiNHAYJx8qhHinWhBNU7A2qHnDNumZS5nViM6x9rlAhD4Ur5ETLpubgGg1J4:z+V2qHn85EnLpubTotN1rc0
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation

© 2018-2024

Terms | Privacy