cfd7c061613cc428551c45f3d0d17e7ed5d268212510c260d3fa15b80f52ca21 | Triage

Sharing

General

Target

cfd7c061613cc428551c45f3d0d17e7ed5d268212510c260d3fa15b80f52ca21
Size

175KB
Sample

220919-bdgzzadgbl
MD5

97881454ddb0c235d84e3fe6748746da
SHA1

b031fe58826263341ba58778e85cd6fc7ae3bb05
SHA256

cfd7c061613cc428551c45f3d0d17e7ed5d268212510c260d3fa15b80f52ca21
SHA512

4077efb42057a24d90ba1d6f7b6e2f6311cfd6814cbbbe2f241971417284d62fa678a4c3d1d55983baeaca28ada4f8287fa46f376beb5f0e371dfbf79b0af515
SSDEEP

3072:sGgJL20ZG009teM8XnZQLpgwWyM22/z/g21rfeEr+W7REQVsIPjp9f:sdV1E08AELpRWwW/5Xp7WQVsIP19

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  cfd7c061613cc428551c45f3d0d17e7ed5d268212510c260d3fa15b80f52ca21
- Size
  
  175KB
- MD5
  
  97881454ddb0c235d84e3fe6748746da
- SHA1
  
  b031fe58826263341ba58778e85cd6fc7ae3bb05
- SHA256
  
  cfd7c061613cc428551c45f3d0d17e7ed5d268212510c260d3fa15b80f52ca21
- SHA512
  
  4077efb42057a24d90ba1d6f7b6e2f6311cfd6814cbbbe2f241971417284d62fa678a4c3d1d55983baeaca28ada4f8287fa46f376beb5f0e371dfbf79b0af515
- SSDEEP
  
  3072:sGgJL20ZG009teM8XnZQLpgwWyM22/z/g21rfeEr+W7REQVsIPjp9f:sdV1E08AELpRWwW/5Xp7WQVsIP19
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2