General
-
Target
b1.exe
-
Size
1.6MB
-
Sample
241111-2apths1nfp
-
MD5
ce0bc75850960ef518cb8587361a89e7
-
SHA1
e905a79ddd32771a5863539703b7888af239d810
-
SHA256
c38c3ea3cd896f40ecba6f03b56008d19ed91e7589d443df90d06dd49092312c
-
SHA512
81c016341dc9f80a385e338c67d724af1e80bc6b21c2eed04c87baa2b1af73077443c354a1f7f99badbabc82b7a434846d9a0fa874d99f902e404dbaa0622753
-
SSDEEP
24576:ZD376QJDRqQaDg8OjdCMDuJOU1D9bAG2mEAb/JGKRPn03DT90rL:ZPdJ9ZenBOU19bN2mEGxJRP0l0rL
Static task
static1
Behavioral task
behavioral1
Sample
b1.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
b1.exe
-
Size
1.6MB
-
MD5
ce0bc75850960ef518cb8587361a89e7
-
SHA1
e905a79ddd32771a5863539703b7888af239d810
-
SHA256
c38c3ea3cd896f40ecba6f03b56008d19ed91e7589d443df90d06dd49092312c
-
SHA512
81c016341dc9f80a385e338c67d724af1e80bc6b21c2eed04c87baa2b1af73077443c354a1f7f99badbabc82b7a434846d9a0fa874d99f902e404dbaa0622753
-
SSDEEP
24576:ZD376QJDRqQaDg8OjdCMDuJOU1D9bAG2mEAb/JGKRPn03DT90rL:ZPdJ9ZenBOU19bN2mEGxJRP0l0rL
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1