General
-
Target
test.zip
-
Size
7.3MB
-
Sample
190813-bzccs8gxyn
-
MD5
d67d29dfc872a069a1f6fe7eec57becb
-
SHA1
e47cf8238cfb8aa1012e5de1e44d46b23d867f97
-
SHA256
72b228f51cf5a1b7600f0e0848145e4e54e54838977a5a5b1c85f69b64b92cf5
-
SHA512
8302ebb02d97800dc6495101129930606a65096556b1d004b94d757a31d0c8935edca87d072d8c0059c055203bead0a2d59a0cf7150f6f954b0be0bfc9849dc7
Task
task1
Task
task2
Task
task3
Task
task4
Task
task5
Task
task6
Task
task7
Task
task8
Task
task9
Task
task10
Malware Config
Targets
-
-
Target
0b627b4eca9b9e8bd04a0d1a103876f6e0fa91049fd0b51bae9ae41acaacf15b.doc
-
Size
265KB
-
MD5
34c85b83169b5e70bbfc76c2d6de2be0
-
SHA1
cf7d59f9e2774b8b2de9f578bad3b78947d0c3f8
-
SHA256
0b627b4eca9b9e8bd04a0d1a103876f6e0fa91049fd0b51bae9ae41acaacf15b
-
SHA512
0610b68ef9916c73ed782dc60045c914c52dff1dc1258b634dd009303a4837b403334f2e6c35f137e12ca473f30c747cd9e08df2acbc3d2a9a6790b1b469eb4e
ScoreN/A-
Malicious domain
-
flawedammy family
-
process_martian
-
wannacry family
-
Creates new service
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Modifies file permissions
-
Sets file to hidden
-
Drops startup file
-
Loads dropped DLL
-
Adds Run entry to start application
-
Modifies service
-
Sets desktop wallpaper registry value
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
windows_cmd_obfuscation
-
-
-
Target
0dded430c1958ae0ec60c2d50ab99f562269ad1ee09db17606661bd55cd29c66.doc
-
Size
81KB
-
MD5
fac7b441a730abf96b210a8db9dbf3d1
-
SHA1
9f5bb869b95136f51b954e4284f99168ff0e91fb
-
SHA256
0dded430c1958ae0ec60c2d50ab99f562269ad1ee09db17606661bd55cd29c66
-
SHA512
0a5ec69ec554639ede43c359f38f8d2e52718b7e29a06aa112ff8cdc99b2777a39c3a9455d3796033a813cceda7487104fb8f0027eccfa138bcd0c2064606f07
ScoreN/A -
-
-
Target
91B5DB3C0CCBD68BD04C24571E27F99D.msi
-
Size
277KB
-
MD5
91b5db3c0ccbd68bd04c24571e27f99d
-
SHA1
b01cb4fe38315d41fcbe9c6278ebe4574496ab0d
-
SHA256
ec85138598c57c6a6bdb5ed470614f582d3b5a8c6b243eb2f41b9970ea13d130
-
SHA512
9f0b07f961625fcc06ee64fcfe5e35e0d40db81f75c3cbc584434c1925fac241db69cac3c1a1bf329d965a4df9bdaa53c13bb8ea3206e2c9d4facf7f74ba21b7
ScoreN/A -
-
-
Target
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
-
Size
3.4MB
-
MD5
84c82835a5d21bbcf75a61706d8ab549
-
SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
-
SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
-
SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
ScoreN/A -
-
-
Target
fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f.exe
-
Size
3.6MB
-
MD5
743a6891999db5d7179091aba5f98fdb
-
SHA1
eeca4b8f88fcae9db6f54304270699d459fb5722
-
SHA256
fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f
-
SHA512
9edef033663c828536190332ec87ac0096ffddae934d17c51b255a55ecb05774211a0edb1915c19384641befa291cfdfd2e3f878bf3b827f8b203ec1bee9dd96
ScoreN/A -
MITRE ATT&CK Matrix ATT&CK v6
Persistence
New Service
1Modify Existing Service
2Hidden Files and Directories
1Registry Run Keys / Startup Folder
1Hooking
1Privilege Escalation
New Service
1Access Token Manipulation
1Process Injection
2Hooking
1