General
-
Target
OIP.jpg
-
Size
34KB
-
Sample
250503-jzm24szwh1
-
MD5
9f352749515b33c53fd6dcdf9c08fa02
-
SHA1
11c6b29d177f2262a53613aa6d995b96f6b58378
-
SHA256
67b777e4fa23202de3c10f3788929b1fbbd92d9b0bc8bcf249bc34cf230f0c1f
-
SHA512
58f91a251cb3c56a6190c8e4279f8e98c909b33214b935d0e58388a40ee281c82a736ad45b8186e8be360622d7d8aee954d82abd16f192d32ff2ad44427ef7db
-
SSDEEP
768:zSYCMfFYFiijuob5LDe0fe1hM8PNqNCueShnw+DIzpXZC33mPo:zkM9YFiuuoNLq6SvkKS1IzpJCnB
Static task
static1
Behavioral task
behavioral1
Sample
OIP.jpg
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
OIP.jpg
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
OIP.jpg
-
Size
34KB
-
MD5
9f352749515b33c53fd6dcdf9c08fa02
-
SHA1
11c6b29d177f2262a53613aa6d995b96f6b58378
-
SHA256
67b777e4fa23202de3c10f3788929b1fbbd92d9b0bc8bcf249bc34cf230f0c1f
-
SHA512
58f91a251cb3c56a6190c8e4279f8e98c909b33214b935d0e58388a40ee281c82a736ad45b8186e8be360622d7d8aee954d82abd16f192d32ff2ad44427ef7db
-
SSDEEP
768:zSYCMfFYFiijuob5LDe0fe1hM8PNqNCueShnw+DIzpXZC33mPo:zkM9YFiuuoNLq6SvkKS1IzpJCnB
-
UAC bypass
-
Blocklisted process makes network request
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Impair Defenses: Safe Mode Boot
-
Modifies file permissions
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1File and Directory Permissions Modification
1Impair Defenses
2Disable or Modify Tools
1Safe Mode Boot
1Modify Registry
5