084e772f4891b7047ce98b2fe70d9472ed7afbc36477ada6d5a7b589042f3d8e | Triage

Sharing

General

Target

084e772f4891b7047ce98b2fe70d9472ed7afbc36477ada6d5a7b589042f3d8e
Size

282KB
Sample

191025-f6pl6zcd7e
MD5

cf172ab820421726fa559c4a57990938
SHA1

37ff192069191f243ec89ab61e85d9fb3a9fbe67
SHA256

084e772f4891b7047ce98b2fe70d9472ed7afbc36477ada6d5a7b589042f3d8e
SHA512

00e7aa92782743beee8e0b06d72c8da7cdf1457ad4eac5dd78b456b27720c3e060d06b2fddc2580eb124de59fbbee78609cdef81b16012c30b93e37557986f35

Score

10^/10

Malware Config

Targets

- Target
  
  084e772f4891b7047ce98b2fe70d9472ed7afbc36477ada6d5a7b589042f3d8e
- Size
  
  282KB
- MD5
  
  cf172ab820421726fa559c4a57990938
- SHA1
  
  37ff192069191f243ec89ab61e85d9fb3a9fbe67
- SHA256
  
  084e772f4891b7047ce98b2fe70d9472ed7afbc36477ada6d5a7b589042f3d8e
- SHA512
  
  00e7aa92782743beee8e0b06d72c8da7cdf1457ad4eac5dd78b456b27720c3e060d06b2fddc2580eb124de59fbbee78609cdef81b16012c30b93e37557986f35
Score

10^/10
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks processor name in registry (likely anti-VM)
- Program crash
- Windows security modification
  evasion trojan
- Modifies system certificate store
  evasion spyware trojan
- Checks system information in the registry (likely anti-VM)
- Drops Office document
  dropper exploiter maldoc
- Modifies service
  persistence
- Suspicious use of SetThreadContext
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2