md5: b834ebeb777ea07fb6aab6bf35cdf07f 11a67ff9ad6006bd44f08bcc125fb61e 7c05da2e4612fca213430b6c93e76b06 f67b65b9346ee75a26f491b70bf6091b fc4fe1b933183c4c613d34ffdb5fe758 7a4e2d2638a454442efb95f23df391a1

File Names: 108_100.exe 104.dll

Hash b834ebeb777ea07fb6aab6bf35cdf07f:

Hash 11a67ff9ad6006bd44f08bcc125fb61e:

  Source: Zenbox
    Tactic Name: Persistence Tactic ID: TA0003
      Technique Name: Windows Service Technique ID: T1543.003
      Technique Name: LSASS Driver Technique ID: T1547.008
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: System Information Discovery Technique ID: T1082
    Tactic Name: Privilege Escalation Tactic ID: TA0004
      Technique Name: Windows Service Technique ID: T1543.003
      Technique Name: LSASS Driver Technique ID: T1547.008

  Source: CAPA
    Tactic Name: Impact Tactic ID: TA0034
      Technique Name: Service Stop Technique ID: T1489
    Tactic Name: Impact Tactic ID: TA0040
      Technique Name: Service Stop Technique ID: T1489
    Tactic Name: Persistence Tactic ID: TA0003
      Technique Name: Windows Service Technique ID: T1543.003
    Tactic Name: Execution Tactic ID: TA0002
      Technique Name: Shared Modules Technique ID: T1129
      Technique Name: Command and Scripting Interpreter Technique ID: T1059
      Technique Name: Service Execution Technique ID: T1569.002
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: System Information Discovery Technique ID: T1082
      Technique Name: File and Directory Discovery Technique ID: T1083
    Tactic Name: Defense Evasion Tactic ID: TA0005
      Technique Name: Token Impersonation/Theft Technique ID: T1134.001
    Tactic Name: Privilege Escalation Tactic ID: TA0004
      Technique Name: Token Impersonation/Theft Technique ID: T1134.001
      Technique Name: Windows Service Technique ID: T1543.003

Hash 7c05da2e4612fca213430b6c93e76b06:

  Source: Zenbox
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: System Information Discovery Technique ID: T1082
      Technique Name: Process Discovery Technique ID: T1057
    Tactic Name: Defense Evasion Tactic ID: TA0005
      Technique Name: Process Injection Technique ID: T1055
    Tactic Name: Privilege Escalation Tactic ID: TA0004
      Technique Name: Process Injection Technique ID: T1055

  Source: Yomi Hunter
    Tactic Name: Execution Tactic ID: TA0002
      Technique Name: Command and Scripting Interpreter Technique ID: T1059
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: Software Discovery Technique ID: T1518
      Technique Name: Process Discovery Technique ID: T1057
      Technique Name: System Network Configuration Discovery Technique ID: T1016

  Source: CAPA
    Tactic Name: Execution Tactic ID: TA0002
      Technique Name: Command and Scripting Interpreter Technique ID: T1059
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: Software Discovery Technique ID: T1518
      Technique Name: Process Discovery Technique ID: T1057
      Technique Name: System Network Configuration Discovery Technique ID: T1016

Hash f67b65b9346ee75a26f491b70bf6091b:

  Source: Zenbox
    Tactic Name: Collection Tactic ID: TA0009
      Technique Name: Input Capture Technique ID: T1056
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: System Information Discovery Technique ID: T1082
      Technique Name: Virtualization/Sandbox Evasion Technique ID: T1497
      Technique Name: Security Software Discovery Technique ID: T1518.001
    Tactic Name: Credential Access Tactic ID: TA0006
      Technique Name: Input Capture Technique ID: T1056
    Tactic Name: Defense Evasion Tactic ID: TA0005
      Technique Name: Masquerading Technique ID: T1036
      Technique Name: Virtualization/Sandbox Evasion Technique ID: T1497

  Source: DAS-Security Orcas
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: System Time Discovery Technique ID: T1124
    Tactic Name: Defense Evasion Tactic ID: TA0005
      Technique Name: Hidden Files and Directories Technique ID: T1564.001
      Technique Name: Masquerading Technique ID: T1036

  Source: CAPA
    Tactic Name: Impact Tactic ID: TA0034
      Technique Name: Service Stop Technique ID: T1489
    Tactic Name: Impact Tactic ID: TA0040
      Technique Name: Service Stop Technique ID: T1489
    Tactic Name: Persistence Tactic ID: TA0003
      Technique Name: Windows Service Technique ID: T1543.003
    Tactic Name: Execution Tactic ID: TA0002
      Technique Name: Command and Scripting Interpreter Technique ID: T1059
      Technique Name: Service Execution Technique ID: T1569.002
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: System Information Discovery Technique ID: T1082
      Technique Name: File and Directory Discovery Technique ID: T1083
    Tactic Name: Defense Evasion Tactic ID: TA0005
      Technique Name: Token Impersonation/Theft Technique ID: T1134.001
    Tactic Name: Privilege Escalation Tactic ID: TA0004
      Technique Name: Token Impersonation/Theft Technique ID: T1134.001
      Technique Name: Windows Service Technique ID: T1543.003

Hash fc4fe1b933183c4c613d34ffdb5fe758:

  Source: Zenbox
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: System Information Discovery Technique ID: T1082
      Technique Name: Virtualization/Sandbox Evasion Technique ID: T1497
    Tactic Name: Defense Evasion Tactic ID: TA0005
      Technique Name: Masquerading Technique ID: T1036
      Technique Name: Virtualization/Sandbox Evasion Technique ID: T1497

  Source: Yomi Hunter
    Tactic Name: Impact Tactic ID: TA0034
      Technique Name: Service Stop Technique ID: T1489
    Tactic Name: Impact Tactic ID: TA0040
      Technique Name: Service Stop Technique ID: T1489
    Tactic Name: Persistence Tactic ID: TA0003
      Technique Name: Windows Service Technique ID: T1543.003
    Tactic Name: Execution Tactic ID: TA0002
      Technique Name: Shared Modules Technique ID: T1129
      Technique Name: Command and Scripting Interpreter Technique ID: T1059
      Technique Name: Service Execution Technique ID: T1569.002
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: System Information Discovery Technique ID: T1082
      Technique Name: File and Directory Discovery Technique ID: T1083
    Tactic Name: Defense Evasion Tactic ID: TA0005
      Technique Name: Token Impersonation/Theft Technique ID: T1134.001
    Tactic Name: Privilege Escalation Tactic ID: TA0004
      Technique Name: Token Impersonation/Theft Technique ID: T1134.001
      Technique Name: Windows Service Technique ID: T1543.003

  Source: DAS-Security Orcas
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: System Time Discovery Technique ID: T1124
    Tactic Name: Defense Evasion Tactic ID: TA0005
      Technique Name: Hidden Files and Directories Technique ID: T1564.001
      Technique Name: Masquerading Technique ID: T1036

  Source: CAPA
    Tactic Name: Impact Tactic ID: TA0034
      Technique Name: Service Stop Technique ID: T1489
    Tactic Name: Impact Tactic ID: TA0040
      Technique Name: Service Stop Technique ID: T1489
    Tactic Name: Persistence Tactic ID: TA0003
      Technique Name: Windows Service Technique ID: T1543.003
    Tactic Name: Execution Tactic ID: TA0002
      Technique Name: Command and Scripting Interpreter Technique ID: T1059
      Technique Name: Service Execution Technique ID: T1569.002
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: System Information Discovery Technique ID: T1082
      Technique Name: File and Directory Discovery Technique ID: T1083
    Tactic Name: Defense Evasion Tactic ID: TA0005
      Technique Name: Token Impersonation/Theft Technique ID: T1134.001
    Tactic Name: Privilege Escalation Tactic ID: TA0004
      Technique Name: Token Impersonation/Theft Technique ID: T1134.001
      Technique Name: Windows Service Technique ID: T1543.003

Hash 7a4e2d2638a454442efb95f23df391a1:

  Source: Zenbox
    Tactic Name: Persistence Tactic ID: TA0003
      Technique Name: DLL Side-Loading Technique ID: T1574.002
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: System Information Discovery Technique ID: T1082
      Technique Name: Security Software Discovery Technique ID: T1518.001
      Technique Name: Virtualization/Sandbox Evasion Technique ID: T1497
    Tactic Name: Defense Evasion Tactic ID: TA0005
      Technique Name: Process Injection Technique ID: T1055
      Technique Name: Virtualization/Sandbox Evasion Technique ID: T1497
      Technique Name: DLL Side-Loading Technique ID: T1574.002
      Technique Name: Rundll32 Technique ID: T1218.011
    Tactic Name: Privilege Escalation Tactic ID: TA0004
      Technique Name: Process Injection Technique ID: T1055
      Technique Name: DLL Side-Loading Technique ID: T1574.002

  Source: CAPA
    Tactic Name: Execution Tactic ID: TA0002
      Technique Name: Shared Modules Technique ID: T1129
    Tactic Name: Discovery Tactic ID: TA0007
      Technique Name: Query Registry Technique ID: T1012
    Tactic Name: Defense Evasion Tactic ID: TA0005
      Technique Name: Obfuscated Files or Information Technique ID: T1027