Overview

overview

10

Static

static

10

852a1558ef...7a.exe

windows7_x64

1

852a1558ef...7a.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    852a1558ef3f4b0732cc991e7052bd1e346e27849bbd53bc2f37172a3490dc7a

  • Size

    4.3MB

  • Sample

    220201-aha7jseeb7

  • MD5

    f52484b3ced180721fa57d17ccb9eb37

  • SHA1

    9d9abba79bc22f2bc80a6b73bdca5ce0b0b3e779

  • SHA256

    852a1558ef3f4b0732cc991e7052bd1e346e27849bbd53bc2f37172a3490dc7a

  • SHA512

    a40d440b301b3e95e9fb8fd85998b3dc94fd95ed0a955da5c123d17b550b9d16d01b0f34c5bd1abc895931b46526dcea6886fca49a4d1a5d0cc85d8174bcdc29

Score
10/10
snatchpersistence

Malware Config

Targets

    • Target

      852a1558ef3f4b0732cc991e7052bd1e346e27849bbd53bc2f37172a3490dc7a

    • Size

      4.3MB

    • MD5

      f52484b3ced180721fa57d17ccb9eb37

    • SHA1

      9d9abba79bc22f2bc80a6b73bdca5ce0b0b3e779

    • SHA256

      852a1558ef3f4b0732cc991e7052bd1e346e27849bbd53bc2f37172a3490dc7a

    • SHA512

      a40d440b301b3e95e9fb8fd85998b3dc94fd95ed0a955da5c123d17b550b9d16d01b0f34c5bd1abc895931b46526dcea6886fca49a4d1a5d0cc85d8174bcdc29

    Score
    10/10
    persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Sets service image path in registry

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks