1e26ec8397bdc7b7b6ffb3169dbeb7f16ce8bd2d80398ccb0edcbd7b189d639e | Triage

Submit
Reports

Overview

overview

Static

static

haveSimpleAnd.dll

windows7_x64

haveSimpleAnd.dll

windows10_x64

Sharing

General

Target

haveSimpleAnd.dll
Size

454KB
Sample

210721-5mcyj2sxr2
MD5

fdd1d81128f8fe9022d3cd6ae0f08bf1
SHA1

25f03defe490c9cc8455a0216e626217ca19abe5
SHA256

1e26ec8397bdc7b7b6ffb3169dbeb7f16ce8bd2d80398ccb0edcbd7b189d639e
SHA512

c3186b17f5b49b1c1d9ce102c227aa384e1a829f0e8bd682977a9bbad6b32e148b99f98f965a0608cf5d37914d8ac76d1308c3ca3c2fded7af48575bf69d70f1

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

haveSimpleAnd.dll

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

haveSimpleAnd.dll

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  haveSimpleAnd.dll
- Size
  
  454KB
- MD5
  
  fdd1d81128f8fe9022d3cd6ae0f08bf1
- SHA1
  
  25f03defe490c9cc8455a0216e626217ca19abe5
- SHA256
  
  1e26ec8397bdc7b7b6ffb3169dbeb7f16ce8bd2d80398ccb0edcbd7b189d639e
- SHA512
  
  c3186b17f5b49b1c1d9ce102c227aa384e1a829f0e8bd682977a9bbad6b32e148b99f98f965a0608cf5d37914d8ac76d1308c3ca3c2fded7af48575bf69d70f1
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy