56568feac926caa70a8f82fb4be6ed1070fd87647ac6563948dfb636c9a25acb | Triage

Submit
Reports

Overview

overview

Static

static

56568feac9...cb.exe

windows7-x64

56568feac9...cb.exe

windows10-2004-x64

Sharing

General

Target

56568feac926caa70a8f82fb4be6ed1070fd87647ac6563948dfb636c9a25acb
Size

172KB
Sample

220725-el1ntseafn
MD5

7c33132865e04e0a1233b67d3136f7ae
SHA1

377b504e9e889a305dc21c890c4a7d0aa9598661
SHA256

56568feac926caa70a8f82fb4be6ed1070fd87647ac6563948dfb636c9a25acb
SHA512

8502a268ad8b9b0aec1869ff056e7ab8f86373e2bec57d13e697b8b87c58e78c338dcf951e00a287440da7090de5832d050f76b3c26cf633e20502464ea1779f

Score

10^/10

persistence suricata

Static task

static1

Behavioral task

behavioral1

Sample

56568feac926caa70a8f82fb4be6ed1070fd87647ac6563948dfb636c9a25acb.exe

Resource

win7-20220715-en

persistence suricata

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

56568feac926caa70a8f82fb4be6ed1070fd87647ac6563948dfb636c9a25acb.exe

Resource

win10v2004-20220721-en

persistence suricata

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  56568feac926caa70a8f82fb4be6ed1070fd87647ac6563948dfb636c9a25acb
- Size
  
  172KB
- MD5
  
  7c33132865e04e0a1233b67d3136f7ae
- SHA1
  
  377b504e9e889a305dc21c890c4a7d0aa9598661
- SHA256
  
  56568feac926caa70a8f82fb4be6ed1070fd87647ac6563948dfb636c9a25acb
- SHA512
  
  8502a268ad8b9b0aec1869ff056e7ab8f86373e2bec57d13e697b8b87c58e78c338dcf951e00a287440da7090de5832d050f76b3c26cf633e20502464ea1779f
Score

10^/10

persistence suricata
- suricata: ET MALWARE ZeroAccess Outbound udp traffic detected
  suricata: ET MALWARE ZeroAccess Outbound udp traffic detected
  suricata
- suricata: ET MALWARE ZeroAccess udp traffic detected
  suricata: ET MALWARE ZeroAccess udp traffic detected
  suricata
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencesuricata

behavioral2

persistencesuricata

© 2018-2024

Terms | Privacy