General
-
Target
LDPlayer9_fr_1102_ld.exe
-
Size
2.5MB
-
Sample
241028-3ah7eazdnq
-
MD5
6908b774daad336d0ab1c55f55c344c4
-
SHA1
04ea8a943ca41fe152a4c2ec99ede83967d546f3
-
SHA256
10c59dd6cef6195616ec76184885c1ed1134f9c2ca801652c81a018d040ebbe4
-
SHA512
aa283489d2474f7b8a5f2bb6f524aa5c3f99932b61e52737db36b8cc7b168e6040217ec69860592e473fab6df5597cc30ce79c23b17805f6cf3c854f41d41de8
-
SSDEEP
49152:GNfatughHaKLIKN1cueXlaYbsISTb/am5B8y6sEUhSSwoUK0:Gla4ghHaKMu2IYbsIW/amj8yF8SE
Static task
static1
Behavioral task
behavioral1
Sample
LDPlayer9_fr_1102_ld.exe
Resource
win10ltsc2021-20241023-en
Malware Config
Targets
-
-
Target
LDPlayer9_fr_1102_ld.exe
-
Size
2.5MB
-
MD5
6908b774daad336d0ab1c55f55c344c4
-
SHA1
04ea8a943ca41fe152a4c2ec99ede83967d546f3
-
SHA256
10c59dd6cef6195616ec76184885c1ed1134f9c2ca801652c81a018d040ebbe4
-
SHA512
aa283489d2474f7b8a5f2bb6f524aa5c3f99932b61e52737db36b8cc7b168e6040217ec69860592e473fab6df5597cc30ce79c23b17805f6cf3c854f41d41de8
-
SSDEEP
49152:GNfatughHaKLIKN1cueXlaYbsISTb/am5B8y6sEUhSSwoUK0:Gla4ghHaKMu2IYbsIW/amj8yF8SE
-
Creates new service(s)
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Possible privilege escalation attempt
-
Modifies file permissions
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
File and Directory Permissions Modification
1Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1