Overview

overview

8

Static

static

3

Desktop.rar

windows10-ltsc_2021-x64

8

Resubmissions

10/04/2025, 15:47

250410-s76nvswtgz 8

10/04/2025, 13:03

250410-qavh8asl12 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Desktop.rar

  • Size

    45.7MB

  • Sample

    250410-s76nvswtgz

  • MD5

    8e63373e90766f517978814a5a4e367d

  • SHA1

    d5838de7eb03ba1e5521dcdee1382f2749885860

  • SHA256

    485d858572f7b2d02edc24b9d1186c06673a6452789e3aa166e45f86368a77cb

  • SHA512

    d445f8c815ba4c0d14ef11eeab63886aacdd9d90503760167fe964349c27dd3f2fbc45f3e8a26941eefecc7216177b6b2529dee4a4daf24a47aadaa157378a95

  • SSDEEP

    786432:6bklmNIhQsn58RlmlyLFeKCvtPHTkcafqObmb3r/wuaMz234C0w7v4Vj:6Alm/RQoLYKCVHTk5f1dK2Xv41

Score
8/10
microsoftdefense_evasiondiscoverypersistencephishingprivilege_escalation

Malware Config

Targets

    • Target

      Desktop.rar

    • Size

      45.7MB

    • MD5

      8e63373e90766f517978814a5a4e367d

    • SHA1

      d5838de7eb03ba1e5521dcdee1382f2749885860

    • SHA256

      485d858572f7b2d02edc24b9d1186c06673a6452789e3aa166e45f86368a77cb

    • SHA512

      d445f8c815ba4c0d14ef11eeab63886aacdd9d90503760167fe964349c27dd3f2fbc45f3e8a26941eefecc7216177b6b2529dee4a4daf24a47aadaa157378a95

    • SSDEEP

      786432:6bklmNIhQsn58RlmlyLFeKCvtPHTkcafqObmb3r/wuaMz234C0w7v4Vj:6Alm/RQoLYKCVHTk5f1dK2Xv41

    Score
    8/10
    microsoftdefense_evasiondiscoverypersistencephishingprivilege_escalation

    • Downloads MZ/PE file

    • Modify Registry: Disable Windows Driver Blocklist

      Disable Windows Driver Blocklist via Registry.

      defense_evasion

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Detected potential entity reuse from brand MICROSOFT.

      phishingmicrosoft

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Impair Defenses

1
T1562

Modify Registry

4
T1112

Subvert Trust Controls

1
T1553

SIP and Trust Provider Hijacking

1
T1553.003

Credential Access

Discovery

Peripheral Device Discovery

2
T1120

Query Registry

6
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks