General

  • Target

    text.txt

  • Size

    168B

  • Sample

    241125-ttqwxsvqay

  • MD5

    10a317ca10f0fd2af4bf2043ff8dd8fd

  • SHA1

    c02bdb3aba83817ea599a004fcfbf09c419c326b

  • SHA256

    2dbd1033a26118d27915184864ad2a0add89d5ee3153eca157fadaa62ad19af5

  • SHA512

    192f635707607a716f2d12f191cbb12a42f65d1aa5446ea7a6fc6adfe8b1c88d3210488ceec2528d6e276593ed9603fac14939bb431b689702dd4f1829de44e0

Malware Config

Targets

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Detected potential entity reuse from brand MICROSOFT.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15
