d426c1111731c93fabcb8e78d9bfd62ac31b391033a6117d02efcbb0db5e40a6 | Triage

Sharing

General

Target

d426c1111731c93fabcb8e78d9bfd62ac31b391033a6117d02efcbb0db5e40a6
Size

140KB
Sample

241122-ferm1svkg1
MD5

02a93781de1b642b89e9617ae9e1e733
SHA1

dfd8eed9bab5377c2155c310ea610f28d85ded38
SHA256

d426c1111731c93fabcb8e78d9bfd62ac31b391033a6117d02efcbb0db5e40a6
SHA512

2587c1efe70d923f0e8bf399733eea61d20f68fe885686167262e6a0f2c7b48f88be5ed0aff7d1431afede0f93660d5c02afa62581e62e81ac7ab394ed30f277
SSDEEP

3072:F/nU3TQCUKnNlF7ZrHRiaL9qJdZre4/6SRkBK0IocitaoLBms:W38Cb7pqtK42BK0ltpdm

Score

10^/10

discovery evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  d426c1111731c93fabcb8e78d9bfd62ac31b391033a6117d02efcbb0db5e40a6
- Size
  
  140KB
- MD5
  
  02a93781de1b642b89e9617ae9e1e733
- SHA1
  
  dfd8eed9bab5377c2155c310ea610f28d85ded38
- SHA256
  
  d426c1111731c93fabcb8e78d9bfd62ac31b391033a6117d02efcbb0db5e40a6
- SHA512
  
  2587c1efe70d923f0e8bf399733eea61d20f68fe885686167262e6a0f2c7b48f88be5ed0aff7d1431afede0f93660d5c02afa62581e62e81ac7ab394ed30f277
- SSDEEP
  
  3072:F/nU3TQCUKnNlF7ZrHRiaL9qJdZre4/6SRkBK0IocitaoLBms:W38Cb7pqtK42BK0ltpdm
Score

10^/10

discovery evasion persistence privilege_escalation
- Modifies security service
  evasion
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2