8066f602091cd2948e4a6649af8c722d75909a9de28c02371464aa5c893d6f4d | Triage

Submit
Reports

Overview

overview

8

Static

static

1

obraz_2024...54.png

windows10-ltsc 2021-x64

8

Resubmissions

19-11-2024 16:48

241119-vbjkkaygrq 7

19-11-2024 16:42

241119-t7sbxaybqg 8

Sharing

General

Target

obraz_2024-11-19_174224454.png
Size

36KB
Sample

241119-t7sbxaybqg
MD5

12de79588850f58437e74944011007b3
SHA1

ecf085d8590ae30abace863588df73bdff58b65c
SHA256

8066f602091cd2948e4a6649af8c722d75909a9de28c02371464aa5c893d6f4d
SHA512

463567654cf745efd5d2cb1f30df55bc77ffee5114b4094b72ce4cdfb2c6a7bab64c79c6a419d676faec9673cdcd5a0fab052a2d292ab93b45f1f00843121880
SSDEEP

768:EMzOFc9xAIuLx6d+k2iXFXAO8q4l1cHNeJ7Is1AJfj:EMzsJLsCiSlK4JbKfj

Score

8^/10

defense_evasion discovery exploit

Static task

static1

Behavioral task

behavioral1

Sample

obraz_2024-11-19_174224454.png

Resource

win10ltsc2021-20241023-en

defense_evasion discovery exploit

windows10-ltsc 2021-x64

24 signatures

300 seconds

Malware Config

Targets

- Target
  
  obraz_2024-11-19_174224454.png
- Size
  
  36KB
- MD5
  
  12de79588850f58437e74944011007b3
- SHA1
  
  ecf085d8590ae30abace863588df73bdff58b65c
- SHA256
  
  8066f602091cd2948e4a6649af8c722d75909a9de28c02371464aa5c893d6f4d
- SHA512
  
  463567654cf745efd5d2cb1f30df55bc77ffee5114b4094b72ce4cdfb2c6a7bab64c79c6a419d676faec9673cdcd5a0fab052a2d292ab93b45f1f00843121880
- SSDEEP
  
  768:EMzOFc9xAIuLx6d+k2iXFXAO8q4l1cHNeJ7Is1AJfj:EMzsJLsCiSlK4JbKfj
Score

8^/10

defense_evasion discovery exploit
- Downloads MZ/PE file
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexploit

© 2018-2025

Terms | Privacy