3279de2990f4f99db2823d720e9bbfc306a0b9e18906e6cab714e2fedb6a5398 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

3279de2990f4f99db2823d720e9bbfc306a0b9e18906e6cab714e2fedb6a5398
Size

2.8MB
Sample

220901-17q76sbhhr
MD5

3acdc339d7a5d2758540325f7ad5055f
SHA1

d2d76492a236516d5c56eb5ca948f3d1fc0c77bc
SHA256

3279de2990f4f99db2823d720e9bbfc306a0b9e18906e6cab714e2fedb6a5398
SHA512

ba7323db77ab19f659697276fe763201e0d5f57d833c881c2e33286a75f4c117d14089aab5b871d2d9f8fb298f7bc3993b6ca75966aed7626336722cd3e30304
SSDEEP

49152:yjpxVhHNgD3GXZ5jrpaWeC1SQGi5kGKptdJ6qgedSuDcbGSDz2/Zm:ytfhH6D3IZJrpaLCrGi5rKp3JNPhiqBm

Score

10^/10

discovery evasion exploit

Static task

static1

Behavioral task

behavioral1

Sample

3279de2990f4f99db2823d720e9bbfc306a0b9e18906e6cab714e2fedb6a5398.exe

Resource

win7-20220812-en

discovery evasion exploit

windows7-x64

20 signatures

300 seconds

Behavioral task

behavioral2

Sample

3279de2990f4f99db2823d720e9bbfc306a0b9e18906e6cab714e2fedb6a5398.exe

Resource

win10-20220812-en

discovery evasion exploit

windows10-1703-x64

21 signatures

300 seconds

Malware Config

Targets

- Target
  
  3279de2990f4f99db2823d720e9bbfc306a0b9e18906e6cab714e2fedb6a5398
- Size
  
  2.8MB
- MD5
  
  3acdc339d7a5d2758540325f7ad5055f
- SHA1
  
  d2d76492a236516d5c56eb5ca948f3d1fc0c77bc
- SHA256
  
  3279de2990f4f99db2823d720e9bbfc306a0b9e18906e6cab714e2fedb6a5398
- SHA512
  
  ba7323db77ab19f659697276fe763201e0d5f57d833c881c2e33286a75f4c117d14089aab5b871d2d9f8fb298f7bc3993b6ca75966aed7626336722cd3e30304
- SSDEEP
  
  49152:yjpxVhHNgD3GXZ5jrpaWeC1SQGi5kGKptdJ6qgedSuDcbGSDz2/Zm:ytfhH6D3IZJrpaLCrGi5rKp3JNPhiqBm
Score

10^/10

discovery evasion exploit
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Impair Defenses

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploit

behavioral2

discoveryevasionexploit

© 2018-2024

Terms | Privacy