General

Target: .
Size: 19KB
Sample: 240630-rk9xbssemm
MD5: d99ec914883501b6e91fbfa4196120f0
SHA1: c5f30f7bf0856ec47edecb08519d6a324234d44a
SHA256: 19143e0665f153f3d7cde1b4cc43c6b0fd7695f9b4f08a59d0a123a41d3fa020
SHA512: 2fc8b3be5351eefa06b998b75b06bb69889c708a93cc4c4352d948e79f92d6b102773996926b8b90794514c222dcddab77205f203626977cb3d64ce8e969c338
SSDEEP: 384:eAu5tSspY1ocy464lbGaLsvhpNct+aFK2f62oY0io5Jf1HExCJUrI:eAgs1ocy4hEa4JpNY+p2oY0io5xlExXc

Static task: static1
Behavioral task: behavioral1
Sample: .html
Resource: win7-20240508-en
Malware Config
Targets

Target: .
Size: 19KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above (the single target is the submitted sample itself).
Score: 10/10

Signatures

- Adds autorun key to be loaded by Explorer.exe on startup
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Boot or Logon Autostart Execution: Port Monitors
  Adversaries may use port monitors to run an adversary-supplied DLL during system boot for persistence or privilege escalation.
- Event Triggered Execution: Image File Execution Options Injection
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by Image File Execution Options (IFEO) debuggers.
- Manipulates Digital Signatures
  Attackers can modify the Authenticode and Cryptography registry keys (the subject interface package and trust-provider entries) so that their binary is treated as validly signed.
- Boot or Logon Autostart Execution: Print Processors
  Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Modifies system executable filetype association
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)

Each number is the count of detections the report attributes to that technique; a parent row is the sum of its sub-technique rows (2+1+1+1 = 5, 1+1+1+1 = 4). Every technique below appears under both Persistence and Privilege Escalation except Browser Extensions, which the matrix lists under Persistence only.

Persistence
  Boot or Logon Autostart Execution (T1547): 5
    Registry Run Keys / Startup Folder (T1547.001): 2
    Port Monitors (T1547.010): 1
    Print Processors (T1547.012): 1
    Active Setup (T1547.014): 1
  Event Triggered Execution (T1546): 4
    Change Default File Association (T1546.001): 1
    Netsh Helper DLL (T1546.007): 1
    Image File Execution Options Injection (T1546.012): 1
    Component Object Model Hijacking (T1546.015): 1
  Browser Extensions (T1176): 1

Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 5
    Registry Run Keys / Startup Folder (T1547.001): 2
    Port Monitors (T1547.010): 1
    Print Processors (T1547.012): 1
    Active Setup (T1547.014): 1
  Event Triggered Execution (T1546): 4
    Change Default File Association (T1546.001): 1
    Netsh Helper DLL (T1546.007): 1
    Image File Execution Options Injection (T1546.012): 1
    Component Object Model Hijacking (T1546.015): 1
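The signatures and the matrix above are produced by mapping registry writes observed in the sandbox to ATT&CK autostart locations. The following Python is an added example, not code from the sandbox report or its vendor: it classifies Sysmon-style registry value-set events (Event ID 13) against the registry locations behind each listed technique and aggregates them in the same parent/sub-technique layout as the matrix. The log lines, the image path C:\Windows\Temp\drop.exe and the GUIDs are constructed for illustration, not artifacts from the analysed sample; the mapping of "Manipulates Digital Signatures" to T1553.003 (SIP and Trust Provider Hijacking) is an assumption based on the signature's wording; and counting events rather than distinct signatures is a simplification.

```python
import re
from collections import Counter

# Constructed Sysmon-style registry events (Event ID 13 = registry value set).
# These lines, the image path and the GUIDs are made up for this example; they
# are not events recorded from the analysed sample.
SAMPLE_LOG = r"""
EventID=1 Image=C:\Windows\Temp\drop.exe CommandLine=drop.exe /s
EventID=13 Image=C:\Windows\Temp\drop.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater
EventID=13 Image=C:\Windows\Temp\drop.exe TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
EventID=13 Image=C:\Windows\Temp\drop.exe TargetObject=HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port\Driver
EventID=13 Image=C:\Windows\Temp\drop.exe TargetObject=HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\winprint\Driver
EventID=13 Image=C:\Windows\Temp\drop.exe TargetObject=HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}\StubPath
EventID=13 Image=C:\Windows\Temp\drop.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger
EventID=13 Image=C:\Windows\Temp\drop.exe TargetObject=HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32\(Default)
EventID=13 Image=C:\Windows\Temp\drop.exe TargetObject=HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default)
EventID=13 Image=C:\Windows\Temp\drop.exe TargetObject=HKLM\SOFTWARE\Microsoft\Netsh\helper
EventID=13 Image=C:\Windows\Temp\drop.exe TargetObject=HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{00000000-0000-0000-0000-000000000003}\Dll
EventID=13 Image=C:\Windows\Temp\drop.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo\DisplayName
"""

# Registry locations behind the report's signatures and the ATT&CK v13
# sub-technique each belongs to.  Patterns are matched case-insensitively
# against the full key path.  The T1553.003 entry for "Manipulates Digital
# Signatures" is an assumption based on the signature's wording.
RULES = [
    (r"\\CurrentVersion\\(Run|RunOnce|RunServices|RunServicesOnce)\\", "T1547.001", "Registry Run Keys / Startup Folder"),
    (r"\\Winlogon\\(Shell|Userinit)$", "T1547.001", "Registry Run Keys / Startup Folder"),
    (r"\\Control\\Print\\Monitors\\[^\\]+\\Driver$", "T1547.010", "Port Monitors"),
    (r"\\Control\\Print\\Environments\\[^\\]+\\Print Processors\\", "T1547.012", "Print Processors"),
    (r"\\Active Setup\\Installed Components\\[^\\]+\\StubPath$", "T1547.014", "Active Setup"),
    (r"(\\Classes|HKCR)\\[^\\]+file\\shell\\open\\command\\", "T1546.001", "Change Default File Association"),
    (r"\\Microsoft\\Netsh\\", "T1546.007", "Netsh Helper DLL"),
    (r"\\Image File Execution Options\\[^\\]+\\(Debugger|GlobalFlag)$", "T1546.012", "Image File Execution Options Injection"),
    (r"\\Classes\\CLSID\\\{[0-9A-F-]+\}\\(InprocServer32|LocalServer32)\\", "T1546.015", "Component Object Model Hijacking"),
    (r"\\Cryptography\\OID\\EncodingType \d+\\CryptSIPDll\w+\\", "T1553.003", "SIP and Trust Provider Hijacking"),
]
COMPILED = [(re.compile(p, re.IGNORECASE), tid, name) for p, tid, name in RULES]

# Parent technique for each sub-technique prefix, as the matrix groups them.
PARENT = {
    "T1547": "Boot or Logon Autostart Execution",
    "T1546": "Event Triggered Execution",
    "T1553": "Subvert Trust Controls",
}

EVENT_RE = re.compile(r"EventID=13\b.*?\bImage=(?P<image>\S+)\s+TargetObject=(?P<target>.+)$")


def parse_events(log):
    """Return (image, target_key) pairs for every registry value-set event in the log."""
    events = []
    for line in log.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((m.group("image"), m.group("target").strip()))
    return events


def classify(target):
    """Map one registry path to (technique_id, name); None if it is not a known autostart location."""
    for pattern, tid, name in COMPILED:
        if pattern.search(target):
            return tid, name
    return None


def summarize(events):
    """Aggregate classified events per sub-technique and per parent technique, like the report's matrix."""
    techniques, parents, hits = Counter(), Counter(), []
    for image, target in events:
        match = classify(target)
        if match is None:
            continue
        tid, name = match
        techniques[(tid, name)] += 1
        parents[PARENT[tid.split(".")[0]]] += 1
        hits.append((image, tid, target))
    return {"techniques": techniques, "parents": parents, "hits": hits}


def render_matrix(summary):
    """Return the summary as text lines in the parent/sub-technique layout of the report's matrix."""
    lines = []
    for parent, count in summary["parents"].most_common():
        lines.append(f"{parent} {count}")
        for (tid, name), n in sorted(summary["techniques"].items()):
            if PARENT[tid.split(".")[0]] == parent:
                lines.append(f"  {name} ({tid}) {n}")
    return lines


if __name__ == "__main__":
    print("\n".join(render_matrix(summarize(parse_events(SAMPLE_LOG)))))
```

On the constructed input the aggregation reproduces the report's 5 and 4 for the two parent techniques, with the benign Uninstall write and the non-registry EventID=1 line ignored. The rules match only value names that actually control execution (Driver, StubPath, Debugger, InprocServer32 and so on) rather than any write under the parent key, which keeps ordinary printer or COM registrations from being flagged.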