Overview

overview

10

Static

static

10

655b1643db...76.dll

windows7_x64

3

655b1643db...76.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    655b1643db3679764d779f1fc284b647b69285e8cd7bb28a8a235140eff42376

  • Size

    52KB

  • Sample

    220201-pvc91aeec3

  • MD5

    9f7a7c1f9c1a46cc97307ca3c657d8cd

  • SHA1

    6bfc7b2816f5d67c1dc9366d810a683ed82105a4

  • SHA256

    655b1643db3679764d779f1fc284b647b69285e8cd7bb28a8a235140eff42376

  • SHA512

    ced3e0191ec93aad8beaa56253b3cce131d81a365c03b101c8dc26e4eaff4f576fccb710a40f2012fc8ad3eeb06e1775458a38350d3abff3cdc16ff6e7f34539

Score
10/10
doublebackpersistence

Malware Config

Targets

    • Target

      655b1643db3679764d779f1fc284b647b69285e8cd7bb28a8a235140eff42376

    • Size

      52KB

    • MD5

      9f7a7c1f9c1a46cc97307ca3c657d8cd

    • SHA1

      6bfc7b2816f5d67c1dc9366d810a683ed82105a4

    • SHA256

      655b1643db3679764d779f1fc284b647b69285e8cd7bb28a8a235140eff42376

    • SHA512

      ced3e0191ec93aad8beaa56253b3cce131d81a365c03b101c8dc26e4eaff4f576fccb710a40f2012fc8ad3eeb06e1775458a38350d3abff3cdc16ff6e7f34539

    Score
    10/10
    persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Sets service image path in registry

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks