Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    14c5e34d5fc3699f1c61a28a7fce9e28b15ff768e68140b064bcb7c71ea960ed

  • Size

    2.7MB

  • Sample

    220907-17cpsadah7

  • MD5

    f2aa6f480b4cfccdf9b0d83f57b406c4

  • SHA1

    fa7dfb217432fe5777775dec37235a9458afc423

  • SHA256

    14c5e34d5fc3699f1c61a28a7fce9e28b15ff768e68140b064bcb7c71ea960ed

  • SHA512

    53ab0edcd814f00bc2ae158a975dfcef4e28a08477d789bab61ca71a2652873fff51bdb988d478d0442f6f1fe0224d9095da38e0065b06a590906729915b2a50

  • SSDEEP

    49152:V/OkG6v1KScEYMXJUpcjEFLX9nHmQHThshwN/8VwdlDZRkx8DSDB79nxNwvr2y:RGo1KSdRUpcjE59nH591fd1Z+xk6B79e

Score
10/10
discoveryevasionexploit

Malware Config

Targets

    • Target

      14c5e34d5fc3699f1c61a28a7fce9e28b15ff768e68140b064bcb7c71ea960ed

    • Size

      2.7MB

    • MD5

      f2aa6f480b4cfccdf9b0d83f57b406c4

    • SHA1

      fa7dfb217432fe5777775dec37235a9458afc423

    • SHA256

      14c5e34d5fc3699f1c61a28a7fce9e28b15ff768e68140b064bcb7c71ea960ed

    • SHA512

      53ab0edcd814f00bc2ae158a975dfcef4e28a08477d789bab61ca71a2652873fff51bdb988d478d0442f6f1fe0224d9095da38e0065b06a590906729915b2a50

    • SSDEEP

      49152:V/OkG6v1KScEYMXJUpcjEFLX9nHmQHThshwN/8VwdlDZRkx8DSDB79nxNwvr2y:RGo1KSdRUpcjE59nH591fd1Z+xk6B79e

    Score
    10/10
    discoveryevasionexploit

    • Modifies security service

      evasion

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Possible privilege escalation attempt

      exploit

    • Stops running service(s)

      evasion

    • Deletes itself

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

2
T1031

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

2
T1112

Impair Defenses

1
T1562

File Permissions Modification

1
T1222

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Tasks