116d0c92d929775aca86bfc287a11b77094ba4538bd7db2c2b1dce1f40e6c6a8 | Triage

Submit
Reports

Overview

overview

Static

static

116d0c92d9...a8.exe

windows7_x64

116d0c92d9...a8.exe

windows10-2004_x64

Sharing

General

Target

116d0c92d929775aca86bfc287a11b77094ba4538bd7db2c2b1dce1f40e6c6a8
Size

157KB
Sample

220604-e11x5sebgj
MD5

40646f36fe5551b18f86e945a11d2f36
SHA1

f661b05894fe03cde6352fabb93127d660707a81
SHA256

116d0c92d929775aca86bfc287a11b77094ba4538bd7db2c2b1dce1f40e6c6a8
SHA512

5223bae9e85e245bea47964f43baaff6c9498a6306c2d2a5436e21da7eef8c00da5ae406c6379bf897083b963e6c2eef84afe66b2edde2cd2d7f8f3e9206bd93

Score

10^/10

persistence suricata

Static task

static1

Behavioral task

behavioral1

Sample

116d0c92d929775aca86bfc287a11b77094ba4538bd7db2c2b1dce1f40e6c6a8.exe

Resource

win7-20220414-en

persistence suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

116d0c92d929775aca86bfc287a11b77094ba4538bd7db2c2b1dce1f40e6c6a8.exe

Resource

win10v2004-20220414-en

persistence suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  116d0c92d929775aca86bfc287a11b77094ba4538bd7db2c2b1dce1f40e6c6a8
- Size
  
  157KB
- MD5
  
  40646f36fe5551b18f86e945a11d2f36
- SHA1
  
  f661b05894fe03cde6352fabb93127d660707a81
- SHA256
  
  116d0c92d929775aca86bfc287a11b77094ba4538bd7db2c2b1dce1f40e6c6a8
- SHA512
  
  5223bae9e85e245bea47964f43baaff6c9498a6306c2d2a5436e21da7eef8c00da5ae406c6379bf897083b963e6c2eef84afe66b2edde2cd2d7f8f3e9206bd93
Score

10^/10

persistence suricata
- suricata: ET MALWARE ZeroAccess Outbound udp traffic detected
  suricata: ET MALWARE ZeroAccess Outbound udp traffic detected
  suricata
- suricata: ET MALWARE ZeroAccess udp traffic detected
  suricata: ET MALWARE ZeroAccess udp traffic detected
  suricata
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencesuricata

behavioral2

persistencesuricata

© 2018-2024

Terms | Privacy