General
Target: sample
Size: 19KB
Sample: 241109-w4zb6asmfk
MD5: d3260b3ae124de98bc3ae66eb7207eea
SHA1: 51648038a817e3d7498eba8ba33cbb6cd751e94c
SHA256: 1574e033e2aade93e29879505b3d27efb9d6a31a819eb3e11028fabe8c9ad87b
SHA512: 870ea2113b41ce9dbc4ff1393b0a49f1bdd530ae251acf545b222547b35a6125763dd52a8617f57937e1c729f3d20c2b1506c3d7d422664aa6313c556133fcc1
SSDEEP: 384:QPZspa1ocy4Y4lbGanMvhpN9aj0mj2b7nBY0CO/Wf21xCejiw:Qb1ocy4XEaMJpNEj0dnBY0CO/0IxPiw
Static task: static1
Behavioral task: behavioral1
Sample: sample.html
Resource: win11-20241007-en
Malware Config
Targets
Target: sample
Size: 19KB
Signatures
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: F207D74D549850760A4C98C6@AdobeOrg
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Netsh Helper DLL (1)
Defense Evasion
  Modify Registry (1)
  Subvert Trust Controls (1)
    SIP and Trust Provider Hijacking (1)