10c59dd6cef6195616ec76184885c1ed1134f9c2ca801652c81a018d040ebbe4 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

LDPlayer9_...ld.exe

windows7-x64

6

LDPlayer9_...ld.exe

windows10-2004-x64

8

Sharing

General

Target

LDPlayer9_fr_com.alightcreative.motion_8110_ld.exe
Size

2.5MB
Sample

241030-p5w5vsvnhn
MD5

6908b774daad336d0ab1c55f55c344c4
SHA1

04ea8a943ca41fe152a4c2ec99ede83967d546f3
SHA256

10c59dd6cef6195616ec76184885c1ed1134f9c2ca801652c81a018d040ebbe4
SHA512

aa283489d2474f7b8a5f2bb6f524aa5c3f99932b61e52737db36b8cc7b168e6040217ec69860592e473fab6df5597cc30ce79c23b17805f6cf3c854f41d41de8
SSDEEP

49152:GNfatughHaKLIKN1cueXlaYbsISTb/am5B8y6sEUhSSwoUK0:Gla4ghHaKMu2IYbsIW/amj8yF8SE

Score

8^/10

discovery execution exploit persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

LDPlayer9_fr_com.alightcreative.motion_8110_ld.exe

Resource

win7-20241010-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

LDPlayer9_fr_com.alightcreative.motion_8110_ld.exe

Resource

win10v2004-20241007-en

discovery execution exploit persistence privilege_escalation

windows10-2004-x64

30 signatures

150 seconds

Malware Config

Targets

- Target
  
  LDPlayer9_fr_com.alightcreative.motion_8110_ld.exe
- Size
  
  2.5MB
- MD5
  
  6908b774daad336d0ab1c55f55c344c4
- SHA1
  
  04ea8a943ca41fe152a4c2ec99ede83967d546f3
- SHA256
  
  10c59dd6cef6195616ec76184885c1ed1134f9c2ca801652c81a018d040ebbe4
- SHA512
  
  aa283489d2474f7b8a5f2bb6f524aa5c3f99932b61e52737db36b8cc7b168e6040217ec69860592e473fab6df5597cc30ce79c23b17805f6cf3c854f41d41de8
- SSDEEP
  
  49152:GNfatughHaKLIKN1cueXlaYbsISTb/am5B8y6sEUhSSwoUK0:Gla4ghHaKMu2IYbsIW/amj8yF8SE
Score

8^/10

discovery execution exploit persistence privilege_escalation
- Creates new service(s)
  persistence execution
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecutionexploitpersistenceprivilege_escalation

© 2018-2024

Terms | Privacy