Overview

overview

10

Static

static

473b99ecfc...74.exe

windows7_x64

10

473b99ecfc...74.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    473b99ecfc3b75620f6201898e1d8f74.exe

  • Size

    473KB

  • Sample

    201109-avcdqa5kls

  • MD5

    473b99ecfc3b75620f6201898e1d8f74

  • SHA1

    d30e8402cfdd0c2bb67c9c27fbba685682861818

  • SHA256

    0cd84bfd6c8c5f61e644286675ece0013aafea6a538f899afc544bcbc0c00f75

  • SHA512

    45b4ef4bf7fd28543ee1f1ac738fe66daebb1cffd45f4cd357d9e6a86419da184764ef66adb854dcb985a5b5259d2de1a6c3fa67f3e3c52e8582f2fe538dbba8

Score
10/10
discoverypersistence

Malware Config

Targets

    • Target

      473b99ecfc3b75620f6201898e1d8f74.exe

    • Size

      473KB

    • MD5

      473b99ecfc3b75620f6201898e1d8f74

    • SHA1

      d30e8402cfdd0c2bb67c9c27fbba685682861818

    • SHA256

      0cd84bfd6c8c5f61e644286675ece0013aafea6a538f899afc544bcbc0c00f75

    • SHA512

      45b4ef4bf7fd28543ee1f1ac738fe66daebb1cffd45f4cd357d9e6a86419da184764ef66adb854dcb985a5b5259d2de1a6c3fa67f3e3c52e8582f2fe538dbba8

    Score
    10/10
    discoverypersistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks