0dbca7fe17ff273cbcb1a277519e936fac2dbda46fa3d5b31f56a22de9c9ab57 | Triage

Submit
Reports

Overview

overview

Static

static

1

Ethan Iann... B.pdf

windows11-21h2-x64

Sharing

General

Target

Ethan Iannce - Bridges U2M1S5 Seascape B.pdf
Size

1.3MB
Sample

241018-z1r1fszhmq
MD5

9698320be63ed20e686e9522dccb0e6c
SHA1

151275d482d19bb6a8010b08bdda66b7e23fc35c
SHA256

0dbca7fe17ff273cbcb1a277519e936fac2dbda46fa3d5b31f56a22de9c9ab57
SHA512

a85af5f0adfb76ecd4a2a200523e6116deac02dab07239eda723fc674e7fce75d182943a70993e1279768c3a204476700d67c71397b10f826fad5fa0130106de
SSDEEP

24576:xohxvpwzY2fEmEjR3JTpDhy9yH6ODkTPOypvfNHkHKHm6Qzx6Qc:SxvpwHMDR3VpzPOXNEfc

Score

10^/10

steam defense_evasion discovery evasion persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

Ethan Iannce - Bridges U2M1S5 Seascape B.pdf

Resource

win11-20241007-en

steam defense_evasion discovery evasion persistence phishing

windows11-21h2-x64

29 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Ethan Iannce - Bridges U2M1S5 Seascape B.pdf
- Size
  
  1.3MB
- MD5
  
  9698320be63ed20e686e9522dccb0e6c
- SHA1
  
  151275d482d19bb6a8010b08bdda66b7e23fc35c
- SHA256
  
  0dbca7fe17ff273cbcb1a277519e936fac2dbda46fa3d5b31f56a22de9c9ab57
- SHA512
  
  a85af5f0adfb76ecd4a2a200523e6116deac02dab07239eda723fc674e7fce75d182943a70993e1279768c3a204476700d67c71397b10f826fad5fa0130106de
- SSDEEP
  
  24576:xohxvpwzY2fEmEjR3JTpDhy9yH6ODkTPOypvfNHkHKHm6Qzx6Qc:SxvpwHMDR3VpzPOXNEfc
Score

10^/10

steam defense_evasion discovery evasion persistence phishing
- Modifies security service
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Detected potential entity reuse from brand STEAM.
  phishing steam
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

steamdefense_evasiondiscoveryevasionpersistencephishing

© 2018-2024

Terms | Privacy