14bc7146562bb679d9e708f1f748512a140a4a32e2ae1d7a8de6c971b5639686 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SPEC ORDER #3081.exe
Size

375KB
Sample

200709-67441ygmjs
MD5

383949d00c81b2a7ca1c5b225a4e268d
SHA1

166b82c1363bbf1d48ae27291cd6b8205e8908ed
SHA256

14bc7146562bb679d9e708f1f748512a140a4a32e2ae1d7a8de6c971b5639686
SHA512

567592a32dd2cdbca984ee6eb74e4985143e852f6ba433d8cc26fbb7ef36cc55c6f83617218a4719b1d07ee9c19abb7cc9dab21e52bd060554621bd054f75f64

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  SPEC ORDER #3081.exe
- Size
  
  375KB
- MD5
  
  383949d00c81b2a7ca1c5b225a4e268d
- SHA1
  
  166b82c1363bbf1d48ae27291cd6b8205e8908ed
- SHA256
  
  14bc7146562bb679d9e708f1f748512a140a4a32e2ae1d7a8de6c971b5639686
- SHA512
  
  567592a32dd2cdbca984ee6eb74e4985143e852f6ba433d8cc26fbb7ef36cc55c6f83617218a4719b1d07ee9c19abb7cc9dab21e52bd060554621bd054f75f64
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run entry to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2