f57ace5c3adf5447bb4a8e4905a8c4001ada92954689743adb25931ab42fecf8 | Triage

Resubmissions

23-09-2022 08:16

220923-j6d3sahfcl 10

23-09-2022 04:47

220923-femdashahj 10

Sharing

General

Target

f57ace5c3adf5447bb4a8e4905a8c4001ada92954689743adb25931ab42fecf8
Size

117KB
Sample

220923-j6d3sahfcl
MD5

6dd56c2df2d4de01cf93d923d4136ba7
SHA1

825d4f52bb1347019407a5192301fd9c0612f55d
SHA256

f57ace5c3adf5447bb4a8e4905a8c4001ada92954689743adb25931ab42fecf8
SHA512

a8dd5d3f693dd6ece444084043b9e8c5b2dfbf3f77589649fbb8e017f7f42736a84ccaa7218d87ffd02e7a9d66425a005ab4beb360a727fb06cba0eef7cb96c7
SSDEEP

1536:F1hhYkm0Jpyw/nlKhZRyZz5ZL2LhFGNSDkTZ7uuH6lRcY4sWcLdI9dlXrW6u/Mmc:F1hh7RlSyZ6GNakTFuuqRThYFK6u/2

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  f57ace5c3adf5447bb4a8e4905a8c4001ada92954689743adb25931ab42fecf8
- Size
  
  117KB
- MD5
  
  6dd56c2df2d4de01cf93d923d4136ba7
- SHA1
  
  825d4f52bb1347019407a5192301fd9c0612f55d
- SHA256
  
  f57ace5c3adf5447bb4a8e4905a8c4001ada92954689743adb25931ab42fecf8
- SHA512
  
  a8dd5d3f693dd6ece444084043b9e8c5b2dfbf3f77589649fbb8e017f7f42736a84ccaa7218d87ffd02e7a9d66425a005ab4beb360a727fb06cba0eef7cb96c7
- SSDEEP
  
  1536:F1hhYkm0Jpyw/nlKhZRyZz5ZL2LhFGNSDkTZ7uuH6lRcY4sWcLdI9dlXrW6u/Mmc:F1hh7RlSyZ6GNakTFuuqRThYFK6u/2
Score

10^/10

evasion
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2