General
-
Target
LDPlayer9_es_1260_ld.exe
-
Size
2.5MB
-
Sample
241111-hd24gayjhl
-
MD5
4b3458b9c6aaa39ef37fc290459b6908
-
SHA1
ba8b683eca181784d049efd008f50aacf5cf4079
-
SHA256
9bb59ea13d91b11739e9eb8e39ab243d80935310838b0f60b450ac2a906aabee
-
SHA512
0f3977bb0b137ad65465a38be1d97acbd50e1f57078c7bed957fd0c210d1bd5f4895b9afac8af4c202a3f905f021cc7042210fe030ff5de6e6cb7c4f90591dec
-
SSDEEP
49152:1gwNggyPXuB7fEtKubsISTb/am5B8y6sEUhSSwhUPMum:1gwNggyPX48zbsIW/amj8yF8Sg
Static task
static1
Behavioral task
behavioral1
Sample
LDPlayer9_es_1260_ld.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
LDPlayer9_es_1260_ld.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
LDPlayer9_es_1260_ld.exe
-
Size
2.5MB
-
MD5
4b3458b9c6aaa39ef37fc290459b6908
-
SHA1
ba8b683eca181784d049efd008f50aacf5cf4079
-
SHA256
9bb59ea13d91b11739e9eb8e39ab243d80935310838b0f60b450ac2a906aabee
-
SHA512
0f3977bb0b137ad65465a38be1d97acbd50e1f57078c7bed957fd0c210d1bd5f4895b9afac8af4c202a3f905f021cc7042210fe030ff5de6e6cb7c4f90591dec
-
SSDEEP
49152:1gwNggyPXuB7fEtKubsISTb/am5B8y6sEUhSSwhUPMum:1gwNggyPX48zbsIW/amj8yF8Sg
-
Creates new service(s)
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Possible privilege escalation attempt
-
Modifies file permissions
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
File and Directory Permissions Modification
1Modify Registry
1Subvert Trust Controls
2Install Root Certificate
1SIP and Trust Provider Hijacking
1