f0ccfcbe9cb32247328ff872632e6a9973d5cb9b18af413d78b98372e5f7b279 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

url[1].html

windows10-2004-x64

8

Sharing

General

Target

url[1]
Size

1KB
Sample

241204-qcvxrswmes
MD5

9239658a5a3142c4512ebcb51e05c7bc
SHA1

b1fb06c545ceaff19bd5018be7ee41eef4da1020
SHA256

f0ccfcbe9cb32247328ff872632e6a9973d5cb9b18af413d78b98372e5f7b279
SHA512

330d8e9da02caa61b9d27c8f000111a787e887638e38bf40b3dd086a37d0105a12695c48ed583e827bd12ec51e86f95fbdcabc76020a5e3256a3ca8ec5523c09

Score

8^/10

microsoft discovery persistence phishing privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

url[1].html

Resource

win10v2004-20241007-en

microsoft discovery persistence phishing privilege_escalation

windows10-2004-x64

33 signatures

1800 seconds

Malware Config

Targets

- Target
  
  url[1]
- Size
  
  1KB
- MD5
  
  9239658a5a3142c4512ebcb51e05c7bc
- SHA1
  
  b1fb06c545ceaff19bd5018be7ee41eef4da1020
- SHA256
  
  f0ccfcbe9cb32247328ff872632e6a9973d5cb9b18af413d78b98372e5f7b279
- SHA512
  
  330d8e9da02caa61b9d27c8f000111a787e887638e38bf40b3dd086a37d0105a12695c48ed583e827bd12ec51e86f95fbdcabc76020a5e3256a3ca8ec5523c09
Score

8^/10

microsoft discovery persistence phishing privilege_escalation
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: EA76ADE95776D2EC7F000101@AdobeOrg
  phishing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

microsoftdiscoverypersistencephishingprivilege_escalation

© 2018-2025

Terms | Privacy