Overview

overview

8

Static

static

37a7ea3707...66.exe

windows7-x64

3

37a7ea3707...66.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    37a7ea370741831edecc7a018396f8755660d25a490ad198d7a4563919ba5966

  • Size

    462KB

  • Sample

    221003-2zdsjsbcbq

  • MD5

    00d0d3e76c320cd335e06085d8f3d630

  • SHA1

    eb81962e78b8cbc39e14be4f36bd129dc0b9c721

  • SHA256

    37a7ea370741831edecc7a018396f8755660d25a490ad198d7a4563919ba5966

  • SHA512

    547fdedf0daa4242b0ea4cee264ca8fd548730a2d583635748a2d530655192d6b1ca61e6ff997fc638b409b2628dd9e8fb7a46109c0223720da7b661543aa9a9

  • SSDEEP

    6144:kv9kU6Gmdv0qT85GO4KpzJrJDWni+efgSJim1WDSV:kq4IvJTm9VMJPSJimED0

Score
8/10
microsoftpersistencephishing

Malware Config

Targets

    • Target

      37a7ea370741831edecc7a018396f8755660d25a490ad198d7a4563919ba5966

    • Size

      462KB

    • MD5

      00d0d3e76c320cd335e06085d8f3d630

    • SHA1

      eb81962e78b8cbc39e14be4f36bd129dc0b9c721

    • SHA256

      37a7ea370741831edecc7a018396f8755660d25a490ad198d7a4563919ba5966

    • SHA512

      547fdedf0daa4242b0ea4cee264ca8fd548730a2d583635748a2d530655192d6b1ca61e6ff997fc638b409b2628dd9e8fb7a46109c0223720da7b661543aa9a9

    • SSDEEP

      6144:kv9kU6Gmdv0qT85GO4KpzJrJDWni+efgSJim1WDSV:kq4IvJTm9VMJPSJimED0

    Score
    8/10
    microsoftpersistencephishing

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks