adedffa71c26b2855f85a6eba9f0415769efc743022f44a8f61c95b09b7dedf3 | Triage

Sharing

General

Target

New Year Order 18723TW.exe
Size

977KB
Sample

210113-ebj43rkf5e
MD5

b88cceefb601f1e7facc131eb499e688
SHA1

a156dc254a4d6f6978ef7bf35846ac593dd0c8a6
SHA256

adedffa71c26b2855f85a6eba9f0415769efc743022f44a8f61c95b09b7dedf3
SHA512

6bba774dc893f33e587632f2dc22efb4bc71c1e0588fb42565fbbea5306c6c9b42021c7f46f64e7230df648be7a7e811ad732392ee9db9838e2ff4f7983e323c

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  New Year Order 18723TW.exe
- Size
  
  977KB
- MD5
  
  b88cceefb601f1e7facc131eb499e688
- SHA1
  
  a156dc254a4d6f6978ef7bf35846ac593dd0c8a6
- SHA256
  
  adedffa71c26b2855f85a6eba9f0415769efc743022f44a8f61c95b09b7dedf3
- SHA512
  
  6bba774dc893f33e587632f2dc22efb4bc71c1e0588fb42565fbbea5306c6c9b42021c7f46f64e7230df648be7a7e811ad732392ee9db9838e2ff4f7983e323c
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2