General
Target: lol2.jpg
Size: 123KB
Sample: 240630-c9qgnasfqe
MD5: 66f547cd3f29dc30cb928b8bc9351b2b
SHA1: cfeaac948ee9a720ea9ba52de0ea5c6ed83bde6f
SHA256: 38fb6a5b7af88ba1fd4bb16f2e862a8736b7f3c1b551a30caa74804b80f34192
SHA512: 0c386f8cb682c7376cf97ead7787945c280c25f6dced0b7f0162f36ca6cd5033e38647141da55f91815f8f9cff3e5eab2d7aae597738f8cb5fc75dbbc769e036
SSDEEP: 3072:ErhWbwT879hPmmg8FDklG4pjMlSR6tdGQTDyiUJX:/l79I8xwJMlSYTDm
Static task: static1
Behavioral task: behavioral1
Sample: lol2.jpg
Resource: win11-20240419-en
Malware Config
Targets: lol2.jpg (123KB; same MD5/SHA1/SHA256/SHA512/SSDEEP values as listed under General)
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Event Triggered Execution (1): Component Object Model Hijacking (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Pre-OS Boot (1): Bootkit (1)
Privilege Escalation
- Event Triggered Execution (1): Component Object Model Hijacking (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)