General
-
Target
ads.rar
-
Size
65B
-
Sample
241109-m6vbjswlfk
-
MD5
1ff72020bab8ff30ec1b89f588fdec19
-
SHA1
63b1422b0cbe4f7f77cbc4d5d57f60f272029036
-
SHA256
5823597ef4cb5af219548736e91dce71cc90599878807d4db29bec04a5239aea
-
SHA512
7b20030b2ba3d9887f0003e7952391da961d8ab270f4e96c2f19a6d7ae962d79abcbfd89e2e968a81ca2257425b32b52693d4b7aa1438f683217200fd63d3cd4
Static task
static1
Behavioral task
behavioral1
Sample
ads.rar
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ads.rar
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
ads.rar
-
Size
65B
-
MD5
1ff72020bab8ff30ec1b89f588fdec19
-
SHA1
63b1422b0cbe4f7f77cbc4d5d57f60f272029036
-
SHA256
5823597ef4cb5af219548736e91dce71cc90599878807d4db29bec04a5239aea
-
SHA512
7b20030b2ba3d9887f0003e7952391da961d8ab270f4e96c2f19a6d7ae962d79abcbfd89e2e968a81ca2257425b32b52693d4b7aa1438f683217200fd63d3cd4
-
Downloads MZ/PE file
-
A potential corporate email address has been identified in the URL: =@L
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Defense Evasion
Modify Registry
4Subvert Trust Controls
1Install Root Certificate
1Discovery
Browser Information Discovery
1Peripheral Device Discovery
1Query Registry
6Remote System Discovery
1System Information Discovery
6System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1