Overview

overview

10

Static

static

10

66bfc22295...34.dll

windows7_x64

3

66bfc22295...34.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66bfc2229570bd459028fbf92dd31cf2adb1895024e23ed6492ecdd33f1cd734

  • Size

    44KB

  • Sample

    220201-pvbfeaecbm

  • MD5

    f4a46279bad62b50509c8729ba55b1fa

  • SHA1

    0be2b50b31c4a22df95942081b1c0e13e3c79850

  • SHA256

    66bfc2229570bd459028fbf92dd31cf2adb1895024e23ed6492ecdd33f1cd734

  • SHA512

    4325d47236cf796e1a169a4971c40cf9367de59bc435592c8857df8359c510209fa2b850331682393bd3abd005b09610270c7e40c5a4b6d680554cb21b285b4f

Score
10/10
doublebackpersistence

Malware Config

Targets

    • Target

      66bfc2229570bd459028fbf92dd31cf2adb1895024e23ed6492ecdd33f1cd734

    • Size

      44KB

    • MD5

      f4a46279bad62b50509c8729ba55b1fa

    • SHA1

      0be2b50b31c4a22df95942081b1c0e13e3c79850

    • SHA256

      66bfc2229570bd459028fbf92dd31cf2adb1895024e23ed6492ecdd33f1cd734

    • SHA512

      4325d47236cf796e1a169a4971c40cf9367de59bc435592c8857df8359c510209fa2b850331682393bd3abd005b09610270c7e40c5a4b6d680554cb21b285b4f

    Score
    10/10
    persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Sets service image path in registry

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks