3bcfa8001e18dec51520fb89df030d98b9c72b1bf5c940b86710fb34033abbdf | Triage

Submit
Reports

Overview

overview

7

Static

static

1

windows11.html

windows10-2004-x64

Sharing

General

Target

windows11
Size

4KB
Sample

240622-yhplyasbmg
MD5

328f4b0cfc3dcf363a0b232f159e2c75
SHA1

0ac450ff6c615d88f9da2e8836b547023d6e45a3
SHA256

3bcfa8001e18dec51520fb89df030d98b9c72b1bf5c940b86710fb34033abbdf
SHA512

471789e299ed7fff0709f3232b68735fcaffabf629b478e267c9c385ebd35e626ae4df1b9054c168cd2072bfb135cd22db32475a65e822e3eb1f97625a057729
SSDEEP

48:0WRCmDpJU5clgYFud0i5breZWOehAtGgWqF1hVEQDVFFYreZGbJxDvWOHuQv:rCmFJU5cU3breSAxFFYreWJf

Score

7^/10

microsoft discovery persistence phishing privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

windows11.html

Resource

win10v2004-20240226-en

microsoft discovery persistence phishing privilege_escalation

windows10-2004-x64

29 signatures

1800 seconds

Malware Config

Targets

- Target
  
  windows11
- Size
  
  4KB
- MD5
  
  328f4b0cfc3dcf363a0b232f159e2c75
- SHA1
  
  0ac450ff6c615d88f9da2e8836b547023d6e45a3
- SHA256
  
  3bcfa8001e18dec51520fb89df030d98b9c72b1bf5c940b86710fb34033abbdf
- SHA512
  
  471789e299ed7fff0709f3232b68735fcaffabf629b478e267c9c385ebd35e626ae4df1b9054c168cd2072bfb135cd22db32475a65e822e3eb1f97625a057729
- SSDEEP
  
  48:0WRCmDpJU5clgYFud0i5breZWOehAtGgWqF1hVEQDVFFYreZGbJxDvWOHuQv:rCmFJU5cU3breSAxFFYreWJf
Score

7^/10

microsoft discovery persistence phishing privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

microsoftdiscoverypersistencephishingprivilege_escalation

© 2018-2024

Terms | Privacy