snatch | 997f098e1c4a49555f9b8a5497b06fc0622e0c2aaf2f08d4cbd92d527d0a6b8f | Triage

Submit
Reports

Overview

overview

Static

static

997f098e1c...8f.exe

windows7_x64

1

997f098e1c...8f.exe

windows10-2004_x64

Sharing

General

Target

997f098e1c4a49555f9b8a5497b06fc0622e0c2aaf2f08d4cbd92d527d0a6b8f
Size

4.3MB
Sample

220131-3wjp3adfhr
MD5

5ede6cd41d4b5338d18d3463b303079c
SHA1

eef92406e53381298dc2fdf0a8420b126b94ec9d
SHA256

997f098e1c4a49555f9b8a5497b06fc0622e0c2aaf2f08d4cbd92d527d0a6b8f
SHA512

3069522708ab9d35e16b0098dd63d15f36a31091ab94f4f69529ef9b5e76033603cef57c41afb69903d3af5a686eaff71fe40ff9789ca943c2ec0752ab702825

Score

10^/10

snatch persistence

Static task

static1

Behavioral task

behavioral1

Sample

997f098e1c4a49555f9b8a5497b06fc0622e0c2aaf2f08d4cbd92d527d0a6b8f.exe

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

997f098e1c4a49555f9b8a5497b06fc0622e0c2aaf2f08d4cbd92d527d0a6b8f.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  997f098e1c4a49555f9b8a5497b06fc0622e0c2aaf2f08d4cbd92d527d0a6b8f
- Size
  
  4.3MB
- MD5
  
  5ede6cd41d4b5338d18d3463b303079c
- SHA1
  
  eef92406e53381298dc2fdf0a8420b126b94ec9d
- SHA256
  
  997f098e1c4a49555f9b8a5497b06fc0622e0c2aaf2f08d4cbd92d527d0a6b8f
- SHA512
  
  3069522708ab9d35e16b0098dd63d15f36a31091ab94f4f69529ef9b5e76033603cef57c41afb69903d3af5a686eaff71fe40ff9789ca943c2ec0752ab702825
Score

10^/10

persistence
- Suspicious use of NtCreateProcessExOtherParentProcess
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy