Overview

overview

10

Static

static

10

da482b4635...6b.dll

windows7_x64

3

da482b4635...6b.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    da482b46353f652ea536d29cc0709537512dbee701e8d026497676e8cf4ad36b

  • Size

    52KB

  • Sample

    220201-pt27qsebdm

  • MD5

    9bb745f96f1afe73dc77f640d968c8a2

  • SHA1

    f13287ed1cefa1da141005158d8db2f3b1505d08

  • SHA256

    da482b46353f652ea536d29cc0709537512dbee701e8d026497676e8cf4ad36b

  • SHA512

    b5cde3dbd779e9567e98dc63bbbd0ae23aa1d786cb7ce5af1639ef7400764afa26528e811e66310622bd564908edf6c65a385fe5697eee100f7c6a1612848581

Score
10/10
doublebackpersistence

Malware Config

Targets

    • Target

      da482b46353f652ea536d29cc0709537512dbee701e8d026497676e8cf4ad36b

    • Size

      52KB

    • MD5

      9bb745f96f1afe73dc77f640d968c8a2

    • SHA1

      f13287ed1cefa1da141005158d8db2f3b1505d08

    • SHA256

      da482b46353f652ea536d29cc0709537512dbee701e8d026497676e8cf4ad36b

    • SHA512

      b5cde3dbd779e9567e98dc63bbbd0ae23aa1d786cb7ce5af1639ef7400764afa26528e811e66310622bd564908edf6c65a385fe5697eee100f7c6a1612848581

    Score
    10/10
    persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Sets service image path in registry

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks