900bac2dc0f9eb0691dbbed3dfa5ec6294cfe164dc371763efa0ff20681b1fea | Triage

Submit
Reports

Overview

overview

Static

static

3

H2.exe

windows7-x64

H2.exe

windows10-2004-x64

Sharing

General

Target

H2.exe
Size

22KB
Sample

240629-wvvbvasfmh
MD5

669902e0baf0307086c9d347c66152a8
SHA1

96a5cc7d488c2273ae58a3ef22bc468d61684132
SHA256

900bac2dc0f9eb0691dbbed3dfa5ec6294cfe164dc371763efa0ff20681b1fea
SHA512

06f6538048379ce7c861671592b6d04989c4b3400b4875cc50b889404a731e3602aa64a78be654a1b151ae3e39419d21f6877b8eb6c6dfc214a653ef276d227f
SSDEEP

384:Ql5PmFkkRZNVbwpumK3pms4eZXsKjX5msMU80UVIx2bOKJSyol+wTMUufNpJDlVX:QlekkLmKPXsK06UbTQVM/nlQ9

Score

10^/10

discovery evasion exploit persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

H2.exe

Resource

win7-20240611-en

discovery evasion exploit persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

H2.exe

Resource

win10v2004-20240611-en

discovery evasion exploit persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  H2.exe
- Size
  
  22KB
- MD5
  
  669902e0baf0307086c9d347c66152a8
- SHA1
  
  96a5cc7d488c2273ae58a3ef22bc468d61684132
- SHA256
  
  900bac2dc0f9eb0691dbbed3dfa5ec6294cfe164dc371763efa0ff20681b1fea
- SHA512
  
  06f6538048379ce7c861671592b6d04989c4b3400b4875cc50b889404a731e3602aa64a78be654a1b151ae3e39419d21f6877b8eb6c6dfc214a653ef276d227f
- SSDEEP
  
  384:Ql5PmFkkRZNVbwpumK3pms4eZXsKjX5msMU80UVIx2bOKJSyol+wTMUufNpJDlVX:QlekkLmKPXsK06UbTQVM/nlQ9
Score

10^/10

discovery evasion exploit persistence trojan
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionexploitpersistencetrojan

behavioral2

discoveryevasionexploitpersistencetrojan

© 2018-2024

Terms | Privacy