Overview

overview

6

Static

static

9a67646b7f...48.exe

windows7-x64

5

9a67646b7f...48.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9a67646b7fa4f057e63a502477ef78896f73c3b824238e26813d4732aee65f48

  • Size

    160KB

  • Sample

    221002-jjpk1aebf8

  • MD5

    736679d1964c0b73799cd6ab497c5bb0

  • SHA1

    ed67cf8a9c306914df6c9593447f4aa4707d63dd

  • SHA256

    9a67646b7fa4f057e63a502477ef78896f73c3b824238e26813d4732aee65f48

  • SHA512

    163781651f8aae250f7d1acd27b2db0a946a28b3400397261b64b2d4f9ef15b66f724796b49de9bfed2920c0b8442a6da44d5246d610c6174856e09192e25c99

  • SSDEEP

    3072:dG2l/RFbzbnNozqqEEEUCEuRD7zA4TMMdwEcEEEU:rhbzbnmWpd7MKMM

Score
6/10
microsoftpersistencephishing

Malware Config

Targets

    • Target

      9a67646b7fa4f057e63a502477ef78896f73c3b824238e26813d4732aee65f48

    • Size

      160KB

    • MD5

      736679d1964c0b73799cd6ab497c5bb0

    • SHA1

      ed67cf8a9c306914df6c9593447f4aa4707d63dd

    • SHA256

      9a67646b7fa4f057e63a502477ef78896f73c3b824238e26813d4732aee65f48

    • SHA512

      163781651f8aae250f7d1acd27b2db0a946a28b3400397261b64b2d4f9ef15b66f724796b49de9bfed2920c0b8442a6da44d5246d610c6174856e09192e25c99

    • SSDEEP

      3072:dG2l/RFbzbnNozqqEEEUCEuRD7zA4TMMdwEcEEEU:rhbzbnmWpd7MKMM

    Score
    6/10
    microsoftpersistencephishing

    • Adds Run key to start application

      persistence

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks