c39c77b0016195a9bdc4bd077b1b125d2f60cc0016a3f84a68d6c58bf4852e06 | Triage

Submit
Reports

Overview

overview

Static

static

c39c77b001...06.exe

windows7-x64

c39c77b001...06.exe

windows10-2004-x64

Sharing

General

Target

c39c77b0016195a9bdc4bd077b1b125d2f60cc0016a3f84a68d6c58bf4852e06
Size

920KB
Sample

221003-vdsw1sfeeq
MD5

5c082fea579b6c72d426961c2342c625
SHA1

a6160691d1f1a8408e12c3ae6a58a702b67df05b
SHA256

c39c77b0016195a9bdc4bd077b1b125d2f60cc0016a3f84a68d6c58bf4852e06
SHA512

0eaf60ed57b0a88fc774b28a6c1bc3992c28811805f79debbafeb2abf37b07800609b344268583b73f6e8e0149d773bf8579cdf768ba091eeb864743d840b824
SSDEEP

6144:es0Coo08x5IFkvtcwKuHhPAznhJBy1J5CQSojuQ8SRyYnaNSOuxJ5CQSojuQ8SRW:eIXzFJHm7hD7QuJNYnncQuJrnuYnn

Score

10^/10

microsoft evasion persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

c39c77b0016195a9bdc4bd077b1b125d2f60cc0016a3f84a68d6c58bf4852e06.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

c39c77b0016195a9bdc4bd077b1b125d2f60cc0016a3f84a68d6c58bf4852e06.exe

Resource

win10v2004-20220901-en

microsoft evasion persistence phishing

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  c39c77b0016195a9bdc4bd077b1b125d2f60cc0016a3f84a68d6c58bf4852e06
- Size
  
  920KB
- MD5
  
  5c082fea579b6c72d426961c2342c625
- SHA1
  
  a6160691d1f1a8408e12c3ae6a58a702b67df05b
- SHA256
  
  c39c77b0016195a9bdc4bd077b1b125d2f60cc0016a3f84a68d6c58bf4852e06
- SHA512
  
  0eaf60ed57b0a88fc774b28a6c1bc3992c28811805f79debbafeb2abf37b07800609b344268583b73f6e8e0149d773bf8579cdf768ba091eeb864743d840b824
- SSDEEP
  
  6144:es0Coo08x5IFkvtcwKuHhPAznhJBy1J5CQSojuQ8SRyYnaNSOuxJ5CQSojuQ8SRW:eIXzFJHm7hD7QuJNYnncQuJrnuYnn
Score

10^/10

evasion persistence microsoft phishing
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

microsoftevasionpersistencephishing

© 2018-2024

Terms | Privacy