a1e8bde1693c3a1a240515f370757cb441bc9477dcafb53785e11ca175ec8184 | Triage

Resubmissions

15-10-2024 14:41

241015-r2v5hatgml 10

15-10-2024 14:37

241015-rzckdatfpk 8

Sharing

General

Target

skin.png
Size

22KB
Sample

241015-rzckdatfpk
MD5

092276e3abff01e1ccc54ee8613c3568
SHA1

1350e975810d7dc7ca61931dbbe2bbea26f86f55
SHA256

a1e8bde1693c3a1a240515f370757cb441bc9477dcafb53785e11ca175ec8184
SHA512

1d99bc60373459a0fb901085dacacd7e13e9be537e54755658b6fcfe377575bd58b69fda6f873cfbbe28bdbaea8942ea794f12e3c5f90a68b4911630e7767336
SSDEEP

384:E4D/ghg48kC0hVp1hwu8QdHQXiOA+RUNRU8pXQSjLl0CaFyZP20HZ1ju/xY:E/iDkHXhwRQQjRUNRttQglltZP2Wj0+

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  skin.png
- Size
  
  22KB
- MD5
  
  092276e3abff01e1ccc54ee8613c3568
- SHA1
  
  1350e975810d7dc7ca61931dbbe2bbea26f86f55
- SHA256
  
  a1e8bde1693c3a1a240515f370757cb441bc9477dcafb53785e11ca175ec8184
- SHA512
  
  1d99bc60373459a0fb901085dacacd7e13e9be537e54755658b6fcfe377575bd58b69fda6f873cfbbe28bdbaea8942ea794f12e3c5f90a68b4911630e7767336
- SSDEEP
  
  384:E4D/ghg48kC0hVp1hwu8QdHQXiOA+RUNRU8pXQSjLl0CaFyZP20HZ1ju/xY:E/iDkHXhwRQQjRUNRttQglltZP2Wj0+
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistenceprivilege_escalation