465b187a795c015825c5a0a1791d1587a90079759b0f418ff5ea6afc44dd68d0

Target

Size

2MB

Sample

220510-l98gxaged2

Score

10 ^/10

MD5

79dbc1a54d33366681f1e926d565cad4

SHA1

907cf0ec6784bf140f9759d6931d3697da0fc229

SHA256

465b187a795c015825c5a0a1791d1587a90079759b0f418ff5ea6afc44dd68d0

SHA512

6d66ae7edc6028e8bc1eac9caf85f5d2d38a6c000e5fa907c9eec5786b225aeeb7c0b565bee9aa7b09f6f792d0857e3d06f0e3ed832d73047506a18ce15371dd

Target

465b187a795c015825c5a0a1791d1587a90079759b0f418ff5ea6afc44dd68d0

MD5

79dbc1a54d33366681f1e926d565cad4

Filesize

2MB

Score

10^/10

SHA1

907cf0ec6784bf140f9759d6931d3697da0fc229

SHA256

465b187a795c015825c5a0a1791d1587a90079759b0f418ff5ea6afc44dd68d0

SHA512

6d66ae7edc6028e8bc1eac9caf85f5d2d38a6c000e5fa907c9eec5786b225aeeb7c0b565bee9aa7b09f6f792d0857e3d06f0e3ed832d73047506a18ce15371dd

Signatures

Modifies security service
Tags

evasion

TTPs

Modify RegistryModify Existing Service
Executes dropped EXE
Possible privilege escalation attempt
Tags

exploit
Stops running service(s)
Tags

evasion

TTPs

Modify Existing ServiceService Stop
Modifies file permissions
Tags

discovery

TTPs

File Permissions Modification
Drops file in System32 directory
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Service Stop

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

discovery evasion exploit

10^/10

behavioral2

discovery evasion exploit

10^/10

Tags

Signatures

Modifies security service

Tags

TTPs

Executes dropped EXE

Possible privilege escalation attempt

Tags

Stops running service(s)

Tags

TTPs

Modifies file permissions

Tags

TTPs

Drops file in System32 directory

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2