adwind | b46994fd3add4bad1d931fed56cdc3f254faa8bfd602083cafa0b686a9651aa7 | Triage

Submit
Reports

Overview

overview

Static

static

Source.zip

windows11-21h2-x64

7

Sharing

General

Target

Source.zip
Size

437.5MB
Sample

250303-vj3y6stsat
MD5

eaf4815d66bde5f6b013e4f71e214960
SHA1

194128c84e7380e6d454d9fc9498c47f8502d449
SHA256

b46994fd3add4bad1d931fed56cdc3f254faa8bfd602083cafa0b686a9651aa7
SHA512

711df9f37a8ac7dbbcf31fa75ea743c08042ac6f090c7835b2ea3f651709fc3b2fb4e9078bbdee9715037fa320db8073d38206d2bddffe9eab8da1c247fdbde4
SSDEEP

12582912:EYHbFsq8w6jrrvzngbaIA1f4l6mUQOLAeLiI0nwXq:EYHRow6DznwaIA1pDEnwXq

Score

10^/10

adwind discovery link pdf persistence privilege_escalation

Static task

static1

pdf link adwind

4 signatures

Behavioral task

behavioral1

Sample

Source.zip

Resource

win11-20250217-en

discovery persistence privilege_escalation

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  Source.zip
- Size
  
  437.5MB
- MD5
  
  eaf4815d66bde5f6b013e4f71e214960
- SHA1
  
  194128c84e7380e6d454d9fc9498c47f8502d449
- SHA256
  
  b46994fd3add4bad1d931fed56cdc3f254faa8bfd602083cafa0b686a9651aa7
- SHA512
  
  711df9f37a8ac7dbbcf31fa75ea743c08042ac6f090c7835b2ea3f651709fc3b2fb4e9078bbdee9715037fa320db8073d38206d2bddffe9eab8da1c247fdbde4
- SSDEEP
  
  12582912:EYHbFsq8w6jrrvzngbaIA1f4l6mUQOLAeLiI0nwXq:EYHRow6DznwaIA1pDEnwXq
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy