General
Target: simulation.exe
Size: 10.8MB
Sample: 211116-rvd8eaebf8
MD5: 3d0dc7192a93ccc2b0b31eaacd4da6a7
SHA1: 21ce50989c250bf892963382f148525b3e1253c9
SHA256: e235767521e6170568e8c3c3cf7b4f94b3315aec8b96d896bde9786ed492adef
SHA512: 9431f6a14bc3b1ec3c3b10a50b30f6bf98f92a0cd0e1b86e71bb288bb1b06212bde8ef301a4ecb5a516d3f76ef7d842f0e971c72ac9a8dcd8e04edf9bbd492cd
Static task: static1
Behavioral task: behavioral1 (Sample: simulation.exe, Resource: win7-ja-20211014)
Behavioral task: behavioral2 (Sample: simulation.exe, Resource: win7-en-20211014)
Malware Config
Extracted: https://malwarehub.co/vault/mitre/T1059001/Invoke-Mimikatz.ps1
Targets
Target: simulation.exe
Score: 10/10
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext