Overview

overview

8

Static

static

run_848a9.exe

windows7_x64

8

run_848a9.exe

windows11_x64

8

run_848a9.exe

windows10_x64

8

Resubmissions

29-10-2021 04:47

211029-fephnahcek 10

29-10-2021 04:36

211029-e8cwaahcdp 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    run_848a9.exe

  • Size

    1.7MB

  • Sample

    211029-e8cwaahcdp

  • MD5

    67c86865ba800ab9f761356d4cc5c08c

  • SHA1

    1f3dcc460c3fb02704e69cd8509445a92ac3600d

  • SHA256

    8dbbe3e8657d87e842026b7051a7b0680d3838749773997df91f123034a7566d

  • SHA512

    328c47921cfa939403736e63d0a5f5659dce3a916a44e6d0b0434ae4672bf96530a86cb19c2709a67914381fd8fc1c40b6e12209a35735743a8988a6166b50ff

Score
8/10
discovery

Malware Config

Targets

    • Target

      run_848a9.exe

    • Size

      1.7MB

    • MD5

      67c86865ba800ab9f761356d4cc5c08c

    • SHA1

      1f3dcc460c3fb02704e69cd8509445a92ac3600d

    • SHA256

      8dbbe3e8657d87e842026b7051a7b0680d3838749773997df91f123034a7566d

    • SHA512

      328c47921cfa939403736e63d0a5f5659dce3a916a44e6d0b0434ae4672bf96530a86cb19c2709a67914381fd8fc1c40b6e12209a35735743a8988a6166b50ff

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks