Overview

overview

10

Static

static

988103f227...59.exe

windows7_x64

8

988103f227...59.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    988103f227a80a74be7836bd77d6dfd70c3bedff8c6f574e5818a5f6e52fe059

  • Size

    3.8MB

  • Sample

    220524-azyn6sadd2

  • MD5

    795847175d72c68819a2f8e0dfed1e98

  • SHA1

    00c46c3540cbaa0b5a3e072ad0cd6a35fad49102

  • SHA256

    988103f227a80a74be7836bd77d6dfd70c3bedff8c6f574e5818a5f6e52fe059

  • SHA512

    316eb4693aa242f94ee9071d6a82db81ec851dd40cee6879c2ea924fed7c3ae9ab02e7cab5a7c51231a54c3ffc4df3536a5ff5b99902f8a8af440232357c9d5a

Score
10/10
evasion

Malware Config

Targets

    • Target

      988103f227a80a74be7836bd77d6dfd70c3bedff8c6f574e5818a5f6e52fe059

    • Size

      3.8MB

    • MD5

      795847175d72c68819a2f8e0dfed1e98

    • SHA1

      00c46c3540cbaa0b5a3e072ad0cd6a35fad49102

    • SHA256

      988103f227a80a74be7836bd77d6dfd70c3bedff8c6f574e5818a5f6e52fe059

    • SHA512

      316eb4693aa242f94ee9071d6a82db81ec851dd40cee6879c2ea924fed7c3ae9ab02e7cab5a7c51231a54c3ffc4df3536a5ff5b99902f8a8af440232357c9d5a

    Score
    10/10
    evasion

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Modifies Windows Firewall

      evasion

    • Modifies boot configuration data using bcdedit

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks