cb4a0d555233f1ffa56170a3559fb33cc22053d6fef7a5dff245ac1970db93b4 | Triage

Submit
Reports

Overview

overview

7

Static

static

6

folder-4/4/777.pdf

windows10-1703-x64

7

Resubmissions

01-07-2024 03:03

240701-dkfftsxflm 6

01-07-2024 02:56

240701-dffwssxemm 7

01-07-2024 02:51

240701-db8e9axdnn 6

01-07-2024 02:44

240701-c8aptatemd 6

Sharing

General

Target

folder-4-pw-badfile.zip
Size

5.5MB
Sample

240701-dffwssxemm
MD5

c356f61e10b385fadd246923bea4c5b5
SHA1

5cd4d73d341730a410f4fc4ce0da3b5c03b751ef
SHA256

cb4a0d555233f1ffa56170a3559fb33cc22053d6fef7a5dff245ac1970db93b4
SHA512

1748598ee0a6bcb6cf6696c1f3f949877bb6856a389ea510d74a257eebb1c9bde58c19e137bd2e6810e05f6ac4f2238f9df487ad25f166463ad6406f83e1e31d
SSDEEP

98304:5VnJaRJFd/HCgZG6iQHcw7oyO1MtJP7sSZYW76OC5fItTAq9d3As8lUwbUkXePH:5GL/HCgMpQHvcAnPVZJ+QOOdt8lakOf

Score

7^/10

evasion pdf persistence privilege_escalation

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

folder-4/4/777.pdf

Resource

win10-20240404-en

persistence privilege_escalation

windows10-1703-x64

12 signatures

300 seconds

Malware Config

Targets

- Target
  
  folder-4/4/777.exe
- Size
  
  5.7MB
- MD5
  
  4177fbfe03075bace0b1b86444bf24bf
- SHA1
  
  802ca6fd560d8c2dc5d43a49cc29a2bedb4e13ca
- SHA256
  
  ae08d188a5c463b9d90aead76d8ad7703dd6d79578e40517b69dc38821a045a3
- SHA512
  
  277f15669df62d4e2b75780bb152c96ad0b4992dcc54f6c4384d0119d5a3a1b6bed549f44e6656add3fa44dc37b195a438c39b84ffc137e47fa41315f61a2f6e
- SSDEEP
  
  24576:+/KF/KU/Kk/Kw/KU/KE/KZ/Ka/Kp/KP/KW/KY/KS/KC/KD/Kn/K6/Ki/KK/KT/KD:3k
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistenceprivilege_escalation

© 2018-2024

Terms | Privacy