929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3
Size

303KB
Sample

221003-trgv8sedej
MD5

60e9e61afc89f8b42c91b86e17193110
SHA1

ab46adc933342f541871e6f0f935d176d86bad2a
SHA256

929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3
SHA512

eb9cc4a53ada8dc3206a205e7a6260edd9d7f671a59520808acb832844e3040ac7eb57dfd8d40ca9dd268fb5166c592365098c9191521c18fbb25364466d4dc1
SSDEEP

3072:lHUMU4MQXRs12IoIXMuL9SQ6oOUoBKmWAvvnM:RUMU4MQXRssIRMIMNUoQP

Score

9^/10

discovery persistence

Malware Config

Targets

- Target
  
  929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3
- Size
  
  303KB
- MD5
  
  60e9e61afc89f8b42c91b86e17193110
- SHA1
  
  ab46adc933342f541871e6f0f935d176d86bad2a
- SHA256
  
  929119f477345f21ec46fc77af0017496c66200dca8ee9802b85c548eda47ae3
- SHA512
  
  eb9cc4a53ada8dc3206a205e7a6260edd9d7f671a59520808acb832844e3040ac7eb57dfd8d40ca9dd268fb5166c592365098c9191521c18fbb25364466d4dc1
- SSDEEP
  
  3072:lHUMU4MQXRs12IoIXMuL9SQ6oOUoBKmWAvvnM:RUMU4MQXRssIRMIMNUoQP
Score

9^/10

discovery persistence
- Contacts a large (2069) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Registers COM server for autorun
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence