14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e | Triage

Sharing

General

Target

14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
Size

272KB
Sample

191025-sx1vkcqb92
MD5

5b4bd24d6240f467bfbc74803c9f15b0
SHA1

c17f98c182d299845c54069872e8137645768a1a
SHA256

14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
SHA512

a896acc38a6ff9641b0803f0598369c0d4fa8e38da28c1653c57948fe5e3274880d1b2e7959cd1b1da43375a1318b3ba72e13240bf40b27c852ee72bbb16cadc

Score

10^/10

Malware Config

Targets

- Target
  
  14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
- Size
  
  272KB
- MD5
  
  5b4bd24d6240f467bfbc74803c9f15b0
- SHA1
  
  c17f98c182d299845c54069872e8137645768a1a
- SHA256
  
  14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
- SHA512
  
  a896acc38a6ff9641b0803f0598369c0d4fa8e38da28c1653c57948fe5e3274880d1b2e7959cd1b1da43375a1318b3ba72e13240bf40b27c852ee72bbb16cadc
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks processor name in registry (likely anti-VM)
- Deletes itself
- Program crash
- Windows security modification
  evasion trojan
- Modifies system certificate store
  evasion spyware trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

PowerShell

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

task1

task2