d6f0c9d7efe02de528a908285a989cc41903bc34b3448e5638af551ef12f77a5 | Triage

Sharing

General

Target

dnrepairer.exe
Size

41.9MB
Sample

241031-vcy2ms1hrq
MD5

cee286a3b75e2e3b92359a54a129a8cf
SHA1

d9708dc4a44c32a25d31eb93b7e0627155c5a871
SHA256

d6f0c9d7efe02de528a908285a989cc41903bc34b3448e5638af551ef12f77a5
SHA512

daf84e165437170d2ae029f2092ea9dbde03d6a34d85ac710e679e560333f8c17c6a2fc16ad69adad36ccf29c462f9c92346ca42e163e7a8c4069253456f06c1
SSDEEP

786432:cDC5YCsXMCK3g9cHgEw30nlKsGAIKuUEDqrfsVrZmxSXr2Okab:tPiMRfg+KsGAIMEWrEHmMXaI

Score

8^/10

discovery execution exploit persistence privilege_escalation

Malware Config

Targets

- Target
  
  dnrepairer.exe
- Size
  
  41.9MB
- MD5
  
  cee286a3b75e2e3b92359a54a129a8cf
- SHA1
  
  d9708dc4a44c32a25d31eb93b7e0627155c5a871
- SHA256
  
  d6f0c9d7efe02de528a908285a989cc41903bc34b3448e5638af551ef12f77a5
- SHA512
  
  daf84e165437170d2ae029f2092ea9dbde03d6a34d85ac710e679e560333f8c17c6a2fc16ad69adad36ccf29c462f9c92346ca42e163e7a8c4069253456f06c1
- SSDEEP
  
  786432:cDC5YCsXMCK3g9cHgEw30nlKsGAIKuUEDqrfsVrZmxSXr2Okab:tPiMRfg+KsGAIMEWrEHmMXaI
Score

8^/10

discovery execution exploit persistence privilege_escalation
- Creates new service(s)
  persistence execution
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

File and Directory Permissions Modification

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionexploitpersistenceprivilege_escalation

behavioral2

discoveryexecutionexploitpersistenceprivilege_escalation