doubleback | 7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c | Triage

Submit
Reports

Overview

overview

Static

static

7e682a5a64...5c.dll

windows7_x64

3

7e682a5a64...5c.dll

windows10-2004_x64

Sharing

General

Target

7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c
Size

37KB
Sample

220204-tyqrqacdd2
MD5

86f803bc46706fb543f147ab108cf358
SHA1

4960d039f6e951b6fbb1df04d3d3351d558d29a5
SHA256

7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c
SHA512

ee6200da84267fd32005512eaaab2bce021592d40c9424a443c289ad0769d0b131b5b771e819c6bf42308823bc4f4c9356ae2e541fbaf7fca1e40eccbf32e4f4

Score

10^/10

doubleback persistence

Static task

static1

Behavioral task

behavioral1

Sample

7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c.dll

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c.dll

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c
- Size
  
  37KB
- MD5
  
  86f803bc46706fb543f147ab108cf358
- SHA1
  
  4960d039f6e951b6fbb1df04d3d3351d558d29a5
- SHA256
  
  7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c
- SHA512
  
  ee6200da84267fd32005512eaaab2bce021592d40c9424a443c289ad0769d0b131b5b771e819c6bf42308823bc4f4c9356ae2e541fbaf7fca1e40eccbf32e4f4
Score

10^/10

persistence
- Suspicious use of NtCreateProcessExOtherParentProcess
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy