5f1ee7eac585adb1a5279041b286b4adff6ff9d29d459ca0dd05bb0d2bfe26d2 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

LDPlayer9_...ld.exe

windows7-x64

8

LDPlayer9_...ld.exe

windows10-2004-x64

4

Sharing

General

Target

LDPlayer9_es_1009_ld.exe
Size

3.4MB
Sample

240628-wxt4vs1erl
MD5

0d183c971971fe69c6c62b4bbfede0c7
SHA1

0ac34c620f6ab8ec1aa45312bfd54a794ebd7c28
SHA256

5f1ee7eac585adb1a5279041b286b4adff6ff9d29d459ca0dd05bb0d2bfe26d2
SHA512

c1990a97e1d1d1c93256dad443f2bc98739ca18b6e26b77a4810a190b70021aa64b77e33b387e124bc83356a3bdefadd900823f59039a2e50773c991796282fb
SSDEEP

49152:8LF2vxcUuniqfal7nA1pHtOUYqP3CFOrtG/JR9sXafgkDFMVR9C1UhPJXMK701hd:8LF2vFuniqfa21t0xOoGBiCV2HCyh

Score

8^/10

discovery execution exploit persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

LDPlayer9_es_1009_ld.exe

Resource

win7-20240508-es

discovery execution exploit persistence privilege_escalation

windows7-x64

29 signatures

1200 seconds

Behavioral task

behavioral2

Sample

LDPlayer9_es_1009_ld.exe

Resource

win10v2004-20240508-es

windows10-2004-x64

2 signatures

1200 seconds

Malware Config

Targets

- Target
  
  LDPlayer9_es_1009_ld.exe
- Size
  
  3.4MB
- MD5
  
  0d183c971971fe69c6c62b4bbfede0c7
- SHA1
  
  0ac34c620f6ab8ec1aa45312bfd54a794ebd7c28
- SHA256
  
  5f1ee7eac585adb1a5279041b286b4adff6ff9d29d459ca0dd05bb0d2bfe26d2
- SHA512
  
  c1990a97e1d1d1c93256dad443f2bc98739ca18b6e26b77a4810a190b70021aa64b77e33b387e124bc83356a3bdefadd900823f59039a2e50773c991796282fb
- SSDEEP
  
  49152:8LF2vxcUuniqfal7nA1pHtOUYqP3CFOrtG/JR9sXafgkDFMVR9C1UhPJXMK701hd:8LF2vFuniqfa21t0xOoGBiCV2HCyh
Score

8^/10

discovery execution exploit persistence privilege_escalation
- Creates new service(s)
  persistence execution
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Checks for any installed AV software in registry
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Install Root Certificate

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Software Discovery

Security Software Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryexecutionexploitpersistenceprivilege_escalation

behavioral2

© 2018-2024

Terms | Privacy