09d6c526462cbfa46905ab552067853e3ef34ff6e2db05de3d9c3e7b2a42decc | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Loader.rar

windows10-2004-x64

Sharing

General

Target

Loader.rar
Size

2.0MB
Sample

241216-lalh4atphx
MD5

8671554bf9863c593f84d79c447a20dd
SHA1

cd7a78b0bed0ca1759eb670f70afe3b1106ef321
SHA256

09d6c526462cbfa46905ab552067853e3ef34ff6e2db05de3d9c3e7b2a42decc
SHA512

a85524ede477163bad01eb1cf2595ff1056207265e8e1358681129ce46392a7f569b46b600687095525623421c727867ea53bc09c1ff7b57d1c4c4446263d090
SSDEEP

24576:MAbFF+p38UDf3o4YTOzJrh/3+WLH1jHLJ3k+UKTiRZ3IxjGIgm6GFprMlJD9GRNO:vbf+l8UDDQmrHiRZYxlPW3j

Score

8^/10

microsoft discovery persistence phishing privilege_escalation

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Loader.rar

Resource

win10v2004-20241007-en

microsoft discovery persistence phishing privilege_escalation

windows10-2004-x64

28 signatures

150 seconds

Malware Config

Targets

- Target
  
  Loader.rar
- Size
  
  2.0MB
- MD5
  
  8671554bf9863c593f84d79c447a20dd
- SHA1
  
  cd7a78b0bed0ca1759eb670f70afe3b1106ef321
- SHA256
  
  09d6c526462cbfa46905ab552067853e3ef34ff6e2db05de3d9c3e7b2a42decc
- SHA512
  
  a85524ede477163bad01eb1cf2595ff1056207265e8e1358681129ce46392a7f569b46b600687095525623421c727867ea53bc09c1ff7b57d1c4c4446263d090
- SSDEEP
  
  24576:MAbFF+p38UDf3o4YTOzJrh/3+WLH1jHLJ3k+UKTiRZ3IxjGIgm6GFprMlJD9GRNO:vbf+l8UDDQmrHiRZYxlPW3j
Score

8^/10

microsoft discovery persistence phishing privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Installer Packages

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Installer Packages

Defense Evasion

Modify Registry

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

microsoftdiscoverypersistencephishingprivilege_escalation

© 2018-2024

Terms | Privacy