5516ce5826c34dc1d89b1373f09a5eb490cf1dab55f98da02bdc53a73b772874 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

LDPlayer9_...ld.exe

windows11-21h2-x64

8

Sharing

General

Target

LDPlayer9_ens_1001_ld.exe
Size

3.3MB
Sample

240630-ve6t9sthrk
MD5

86fca06e090f8017dd323ccc516a7ed9
SHA1

720fd4f4d0ac09308d19d229c8fbfde71313ce7d
SHA256

5516ce5826c34dc1d89b1373f09a5eb490cf1dab55f98da02bdc53a73b772874
SHA512

05f6ea47c48a2da3304a2d14a741403200ccf47e1f1b7155a2eba3fe694e4f42b8a327010fbc20b720ba06e4f84ee96b39d885989ae7cd20cc459261cd02b34b
SSDEEP

49152:SLgmKyhrX/3MwVn1pHtOUYqP3CFOrtG/JR9sXafgkDFMVR9C1UhPJXMK701hOHZ4:IgmKEX/3MS1t0xOoGBiCV2H1l

Score

8^/10

discovery execution exploit persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

LDPlayer9_ens_1001_ld.exe

Resource

win11-20240611-en

discovery execution exploit persistence privilege_escalation

windows11-21h2-x64

27 signatures

1800 seconds

Malware Config

Targets

- Target
  
  LDPlayer9_ens_1001_ld.exe
- Size
  
  3.3MB
- MD5
  
  86fca06e090f8017dd323ccc516a7ed9
- SHA1
  
  720fd4f4d0ac09308d19d229c8fbfde71313ce7d
- SHA256
  
  5516ce5826c34dc1d89b1373f09a5eb490cf1dab55f98da02bdc53a73b772874
- SHA512
  
  05f6ea47c48a2da3304a2d14a741403200ccf47e1f1b7155a2eba3fe694e4f42b8a327010fbc20b720ba06e4f84ee96b39d885989ae7cd20cc459261cd02b34b
- SSDEEP
  
  49152:SLgmKyhrX/3MwVn1pHtOUYqP3CFOrtG/JR9sXafgkDFMVR9C1UhPJXMK701hOHZ4:IgmKEX/3MS1t0xOoGBiCV2H1l
Score

8^/10

discovery execution exploit persistence privilege_escalation
- Creates new service(s)
  persistence execution
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryexecutionexploitpersistenceprivilege_escalation

© 2018-2024

Terms | Privacy