dc2dbea5f491f9ef06e44d2584dd2adb6a29171f4c5651011e2ccbe6d9461f59 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

l2AWsh (1).webp

windows11-21h2-x64

8

Resubmissions

18-02-2025 09:02

250218-kztqbsyqew 8

Sharing

General

Target

l2AWsh (1).webp
Size

299KB
Sample

250218-kztqbsyqew
MD5

affa51e6bca1bbeb21a083658f5d6ca2
SHA1

2644a6649e37d66518a389b75237c37bba60709a
SHA256

dc2dbea5f491f9ef06e44d2584dd2adb6a29171f4c5651011e2ccbe6d9461f59
SHA512

1f24eefa11f6f14dc8b78b2b65af9b3e172989268e74a8af440c92e25ddf4d9545002a4a9047af2ff2cbba2b5692b527f7977e74a49cc437fe645720639d823d
SSDEEP

6144:qImQXxEttp71i1VQ8yFlxJR7GWb58GzzY5baxWKsaq5RT9ARVkdWQs4fj:qIVIrz8yTPR7GWbOjNysJs4r

Score

8^/10

defense_evasion discovery execution persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

l2AWsh (1).webp

Resource

win11-20250217-en

defense_evasion discovery execution persistence privilege_escalation

windows11-21h2-x64

31 signatures

300 seconds

Malware Config

Targets

- Target
  
  l2AWsh (1).webp
- Size
  
  299KB
- MD5
  
  affa51e6bca1bbeb21a083658f5d6ca2
- SHA1
  
  2644a6649e37d66518a389b75237c37bba60709a
- SHA256
  
  dc2dbea5f491f9ef06e44d2584dd2adb6a29171f4c5651011e2ccbe6d9461f59
- SHA512
  
  1f24eefa11f6f14dc8b78b2b65af9b3e172989268e74a8af440c92e25ddf4d9545002a4a9047af2ff2cbba2b5692b527f7977e74a49cc437fe645720639d823d
- SSDEEP
  
  6144:qImQXxEttp71i1VQ8yFlxJR7GWb58GzzY5baxWKsaq5RT9ARVkdWQs4fj:qIVIrz8yTPR7GWbOjNysJs4r
Score

8^/10

defense_evasion discovery execution persistence privilege_escalation
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy