nefilim | ea6ced3730495e2231c1a755fcc1aefac7622ac4bd5e269b2a5996572acb42f9 | Triage

Submit
Reports

Overview

overview

Static

static

ea6ced3730...f9.exe

windows7_x64

3

ea6ced3730...f9.exe

windows10-2004_x64

Sharing

General

Target

ea6ced3730495e2231c1a755fcc1aefac7622ac4bd5e269b2a5996572acb42f9
Size

79KB
Sample

220131-3ts6qaeca5
MD5

780a4c89ba8e4af56e557b7faf73b42b
SHA1

d255716d5e2a6ce57ec07f13de38d2000dd3bb8d
SHA256

ea6ced3730495e2231c1a755fcc1aefac7622ac4bd5e269b2a5996572acb42f9
SHA512

37b66f2ba70cf1dd785fe21f49627e208c2c3d1f92bfc5b39882099109fbcb6822366d4a876062a8b66c0b4a9b9098333fc3b21792786be1f3ee2346a6e82800

Score

10^/10

nefilim persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

ea6ced3730495e2231c1a755fcc1aefac7622ac4bd5e269b2a5996572acb42f9.exe

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ea6ced3730495e2231c1a755fcc1aefac7622ac4bd5e269b2a5996572acb42f9.exe

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ea6ced3730495e2231c1a755fcc1aefac7622ac4bd5e269b2a5996572acb42f9
- Size
  
  79KB
- MD5
  
  780a4c89ba8e4af56e557b7faf73b42b
- SHA1
  
  d255716d5e2a6ce57ec07f13de38d2000dd3bb8d
- SHA256
  
  ea6ced3730495e2231c1a755fcc1aefac7622ac4bd5e269b2a5996572acb42f9
- SHA512
  
  37b66f2ba70cf1dd785fe21f49627e208c2c3d1f92bfc5b39882099109fbcb6822366d4a876062a8b66c0b4a9b9098333fc3b21792786be1f3ee2346a6e82800
Score

10^/10

persistence
- Suspicious use of NtCreateProcessExOtherParentProcess
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy