4f8eee1b74f939d7a0e3c4934247256289c695c2410b4e8629bdd029dbe24bff | Triage

Submit
Reports

Overview

overview

7

Static

static

7

tickle_pro...1).exe

windows10-ltsc 2021-x64

7

Resubmissions

13-12-2024 20:55

241213-zqhn2aylh1 7

13-12-2024 20:50

241213-zmywvazpcq 7

13-12-2024 20:50

241213-zmjf6aylfw 7

Sharing

General

Target

tickle_protected (1).exe
Size

21.5MB
Sample

241213-zmywvazpcq
MD5

c768376c8456a7197cb08ef603530138
SHA1

2ebff4e549ef5a7958801c88a569db3af4a7342c
SHA256

4f8eee1b74f939d7a0e3c4934247256289c695c2410b4e8629bdd029dbe24bff
SHA512

d3e9e458718ed25211cda67c08678b0bd5533bb623d196b4d3ad1c10bd10f65605cd668a3db478c50ea478219a2d21a0ee0ba178b917e8aa42e352e6609678d9
SSDEEP

393216:qZiFBVEv1pFXPoLw9uJJj7YTW8oqcorXuFAe+NxA5VpdRwjd3Uwud1gYDsfjpXjD:MinVEvlPoLsuJliaqhrXuKe+TGFRw5MO

Score

7^/10

microsoft discovery persistence phishing privilege_escalation themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

tickle_protected (1).exe

Resource

win10ltsc2021-20241211-en

microsoft discovery persistence phishing privilege_escalation themida

windows10-ltsc 2021-x64

28 signatures

150 seconds

Malware Config

Targets

- Target
  
  tickle_protected (1).exe
- Size
  
  21.5MB
- MD5
  
  c768376c8456a7197cb08ef603530138
- SHA1
  
  2ebff4e549ef5a7958801c88a569db3af4a7342c
- SHA256
  
  4f8eee1b74f939d7a0e3c4934247256289c695c2410b4e8629bdd029dbe24bff
- SHA512
  
  d3e9e458718ed25211cda67c08678b0bd5533bb623d196b4d3ad1c10bd10f65605cd668a3db478c50ea478219a2d21a0ee0ba178b917e8aa42e352e6609678d9
- SSDEEP
  
  393216:qZiFBVEv1pFXPoLw9uJJj7YTW8oqcorXuFAe+NxA5VpdRwjd3Uwud1gYDsfjpXjD:MinVEvlPoLsuJliaqhrXuKe+TGFRw5MO
Score

7^/10

microsoft discovery persistence phishing privilege_escalation themida
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Drops desktop.ini file(s)
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

microsoftdiscoverypersistencephishingprivilege_escalationthemida

© 2018-2024

Terms | Privacy