General

  • Target

    Exes_92eba943bfdf15732f4f8d47d596c38a.exe

  • Size

    417KB

  • Sample

    190814-vd9eygcdw6

  • MD5

    92eba943bfdf15732f4f8d47d596c38a

  • SHA1

    26ce9046dbe35974610caddecee0aa64fb0af99c

  • SHA256

    ec042ea8b6b6a94678df7612bffa69082e772b6c9d8a57b0bc89bc1258046b80

  • SHA512

    1671e609cca1eb6e0bbe5725ff21f23c6c3411474f50bf48a3fb1d845e040ae531614c453b67fe0fdc5e531553992c2e76680d2f8f6f401c7f6c2a66565cef49

Score
N/A
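Before relying on the behaviour listed below, confirm that the binary on your bench is the one this report describes. The script that follows is an added example, not part of the original report or of the sandbox's own tooling: it recomputes the four digests the report lists (MD5, SHA1, SHA256, SHA512) and returns every one that disagrees with the report. The placeholder bytes in the `__main__` block are constructed; the real sample is not embedded here, so running it as-is shows what a mismatch looks like, and `verify_file()` is the call to use on a local copy.

```python
"""Check a local file against the digests in the sandbox report.

Added example; not the report's or the sandbox's own code.
"""
import hashlib

# Digest values copied from the report above.
REPORT_HASHES = {
    "md5": "92eba943bfdf15732f4f8d47d596c38a",
    "sha1": "26ce9046dbe35974610caddecee0aa64fb0af99c",
    "sha256": "ec042ea8b6b6a94678df7612bffa69082e772b6c9d8a57b0bc89bc1258046b80",
    "sha512": (
        "1671e609cca1eb6e0bbe5725ff21f23c6c3411474f50bf48a3fb1d845e040ae5"
        "31614c453b67fe0fdc5e531553992c2e76680d2f8f6f401c7f6c2a66565cef49"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Return {algorithm: hex digest} for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare digests of `data` with `expected`.

    Returns {algorithm: (expected_hex, actual_hex)} for every digest that
    differs; an empty dict means all listed digests match.
    """
    actual = digests(data)
    return {
        algo: (want, actual[algo])
        for algo, want in expected.items()
        if actual[algo] != want
    }


def verify_file(path: str, expected: dict = REPORT_HASHES) -> dict:
    """Read a file from disk and run verify_sample() on its contents."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read(), expected)


if __name__ == "__main__":
    # Constructed placeholder bytes: the actual sample is not embedded here,
    # so this demonstrates the mismatch path. Use verify_file("<path>") on
    # a real copy of the file.
    placeholder = b"constructed placeholder, not the real sample"
    mismatches = verify_sample(placeholder)
    if not mismatches:
        print("all digests match the report")
    else:
        for algo, (want, got) in mismatches.items():
            print(f"{algo}: report {want[:16]}...  local {got[:16]}...")
        print(f"{len(mismatches)} digest(s) differ; this is not the reported sample")
```

All four digests are compared rather than MD5 alone, because MD5 collisions are cheap to produce and a second sample with the same MD5 but different behaviour is a realistic way to be handed the wrong file.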

Targets

    • Target

      Exes_92eba943bfdf15732f4f8d47d596c38a.exe

    Score
    N/A

    • Suspicious use of NtCreateUserProcessOtherParentProcess (a process was created under a parent other than the calling process, i.e. parent PID spoofing)

    • Loads dropped DLL

    • program_crash (a process crashed during the run)

    • Checks system information in the registry (likely anti-VM)

    • Suspicious use of NtSetInformationThreadHideFromDebugger (ThreadHideFromDebugger anti-debugging)

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic / Technique                              Count

Execution
    T1106  Execution through API                1
    T1129  Execution through Module Load        1

Privilege Escalation
    T1134  Access Token Manipulation            1
    T1055  Process Injection                    1

Defense Evasion
    T1089  Disabling Security Tools             1
    T1134  Access Token Manipulation            1
    T1055  Process Injection                    1

Discovery
    T1012  Query Registry                       1
    T1082  System Information Discovery         1
