doubleback | 9d20722758c3f1a01a70ffddf91553b7a380b46b3690d11d8ba4ba3afe75ade0 | Triage

Submit
Reports

Overview

overview

Static

static

9d20722758...e0.dll

windows7_x64

3

9d20722758...e0.dll

windows10-2004_x64

Sharing

General

Target

9d20722758c3f1a01a70ffddf91553b7a380b46b3690d11d8ba4ba3afe75ade0
Size

27KB
Sample

220201-pt7gfsedd2
MD5

ce02ef6efe6171cd5d1b4477e40a3989
SHA1

d39142655510cc61f17994489ee9de162bec772a
SHA256

9d20722758c3f1a01a70ffddf91553b7a380b46b3690d11d8ba4ba3afe75ade0
SHA512

2bd9807dccad9237529a237918446a38cde4cfa6d42319822c02010d3cbdf26e611293e15255ee9122fcf5b15f4d57f949b5635f62ca73716071d3cb44e218c1

Score

10^/10

doubleback persistence

Static task

static1

Behavioral task

behavioral1

Sample

9d20722758c3f1a01a70ffddf91553b7a380b46b3690d11d8ba4ba3afe75ade0.dll

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9d20722758c3f1a01a70ffddf91553b7a380b46b3690d11d8ba4ba3afe75ade0.dll

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9d20722758c3f1a01a70ffddf91553b7a380b46b3690d11d8ba4ba3afe75ade0
- Size
  
  27KB
- MD5
  
  ce02ef6efe6171cd5d1b4477e40a3989
- SHA1
  
  d39142655510cc61f17994489ee9de162bec772a
- SHA256
  
  9d20722758c3f1a01a70ffddf91553b7a380b46b3690d11d8ba4ba3afe75ade0
- SHA512
  
  2bd9807dccad9237529a237918446a38cde4cfa6d42319822c02010d3cbdf26e611293e15255ee9122fcf5b15f4d57f949b5635f62ca73716071d3cb44e218c1
Score

10^/10

persistence
- Suspicious use of NtCreateProcessExOtherParentProcess
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy