962f3aefd2897e2c50d1f1723d6680fb7be719a550a3a1d9b0eff12b2953f890 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

unnamed.jpg

windows11-21h2-x64

8

Sharing

General

Target

unnamed.jpg
Size

69KB
Sample

241227-x47tzayjgy
MD5

75aed1d385a7325dc66968457d5c2db6
SHA1

d3d23a01a500161fb09bdfe608dd782c991bbec0
SHA256

962f3aefd2897e2c50d1f1723d6680fb7be719a550a3a1d9b0eff12b2953f890
SHA512

e1d642a10e1e457162dcd84e4a3e845d2aa7877871e90d3d3241efad62ea7cde887579545bdeeaaffcab1297f4782a903d711a8335403239ebf11ad44a0fa60a
SSDEEP

1536:xVeiyYEfLp93ZPcQY2rgQUwIJfXx6VaoIeudPLH34Jead:xEiyFLpxZ0xMg9fJf48xeudzA

Score

8^/10

defense_evasion discovery persistence phishing privilege_escalation pyinstaller upx

Static task

static1

Behavioral task

behavioral1

Sample

unnamed.jpg

Resource

win11-20241023-en

defense_evasion discovery persistence phishing privilege_escalation pyinstaller upx

windows11-21h2-x64

30 signatures

150 seconds

Malware Config

Targets

- Target
  
  unnamed.jpg
- Size
  
  69KB
- MD5
  
  75aed1d385a7325dc66968457d5c2db6
- SHA1
  
  d3d23a01a500161fb09bdfe608dd782c991bbec0
- SHA256
  
  962f3aefd2897e2c50d1f1723d6680fb7be719a550a3a1d9b0eff12b2953f890
- SHA512
  
  e1d642a10e1e457162dcd84e4a3e845d2aa7877871e90d3d3241efad62ea7cde887579545bdeeaaffcab1297f4782a903d711a8335403239ebf11ad44a0fa60a
- SSDEEP
  
  1536:xVeiyYEfLp93ZPcQY2rgQUwIJfXx6VaoIeudPLH34Jead:xEiyFLpxZ0xMg9fJf48xeudzA
Score

8^/10

defense_evasion discovery persistence phishing privilege_escalation pyinstaller upx
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: 6633dd5dcff475e6fb744426_&@2x.png
  phishing
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistencephishingprivilege_escalationpyinstallerupx

© 2018-2024

Terms | Privacy