d95a38a7c3ba130e354926102de8f64986d8248ee095e5e410d6ee410d74e0bc | Triage

Sharing

General

Target

amix
Size

925KB
Sample

190902-3ldbs4wjda
MD5

10d9941b879f810364de4182ceecbea6
SHA1

ae880a2b142ab04df614e67fa47fb020f95f1c58
SHA256

d95a38a7c3ba130e354926102de8f64986d8248ee095e5e410d6ee410d74e0bc
SHA512

6441370971e55a4d9bb83abee9d4f4ad595de26677c2fa9eafab886d467de3b0812744254deeca93b17cd726c57742c7da32245f3e23971239ee70b1749567c9

Score

10^/10

Malware Config

Targets

- Target
  
  amix
- Size
  
  925KB
- MD5
  
  10d9941b879f810364de4182ceecbea6
- SHA1
  
  ae880a2b142ab04df614e67fa47fb020f95f1c58
- SHA256
  
  d95a38a7c3ba130e354926102de8f64986d8248ee095e5e410d6ee410d74e0bc
- SHA512
  
  6441370971e55a4d9bb83abee9d4f4ad595de26677c2fa9eafab886d467de3b0812744254deeca93b17cd726c57742c7da32245f3e23971239ee70b1749567c9
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Program crash
- Adds Run entry to start application
  persistence
- Checks system information in the registry (likely anti-VM)
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2