de82cc6e49fe5501e27e81701636e7aeaf5f3c252ba467d8a1f1824c235bb3bc | Triage

Submit
Reports

Overview

overview

8

Static

static

1

98icons1.png

windows10-2004-x64

8

Sharing

General

Target

98icons1.png
Size

8KB
Sample

241119-trl5yssrcp
MD5

e095491c395e62f161d55edd1f0d7d97
SHA1

a9a5454993e3f219d611a665c0c3abfd4bc142e8
SHA256

de82cc6e49fe5501e27e81701636e7aeaf5f3c252ba467d8a1f1824c235bb3bc
SHA512

c7f55c45099f0497781e9ef8f13e56f5b203932ca5a4040017533c00b193f1b08519e3e07b38e2243d843de556d3df4f8a4c276fe86f983fcfc8dec7943d32ca
SSDEEP

192:igCaAkM0Kj1TLr+hBYbxnN/y+e0sUFfarZot73i41:ibe61Hr4GnLe01aGjiK

Score

8^/10

discovery lateral_movement persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

98icons1.png

Resource

win10v2004-20241007-en

discovery lateral_movement persistence privilege_escalation

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  98icons1.png
- Size
  
  8KB
- MD5
  
  e095491c395e62f161d55edd1f0d7d97
- SHA1
  
  a9a5454993e3f219d611a665c0c3abfd4bc142e8
- SHA256
  
  de82cc6e49fe5501e27e81701636e7aeaf5f3c252ba467d8a1f1824c235bb3bc
- SHA512
  
  c7f55c45099f0497781e9ef8f13e56f5b203932ca5a4040017533c00b193f1b08519e3e07b38e2243d843de556d3df4f8a4c276fe86f983fcfc8dec7943d32ca
- SSDEEP
  
  192:igCaAkM0Kj1TLr+hBYbxnN/y+e0sUFfarZot73i41:ibe61Hr4GnLe01aGjiK
Score

8^/10

discovery lateral_movement persistence privilege_escalation
- Modifies RDP port number used by Windows
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Remote Services: SMB/Windows Admin Shares
  Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
  lateral_movement
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Remote Services

Remote Desktop Protocol

SMB/Windows Admin Shares

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverylateral_movementpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy