d064b1b9e6fdb0d8db611366c7152b2cf77702eeafb7c206d191fc4b4e78821e | Triage

Sharing

General

Target

d064b1b9e6fdb0d8db611366c7152b2cf77702eeafb7c206d191fc4b4e78821e
Size

2.2MB
Sample

221009-17442aacdj
MD5

5e1cf6f63e204bb56bd945f0588999cd
SHA1

8ceef2028db6d0bc142f1c44870b4c6488f1e9f7
SHA256

d064b1b9e6fdb0d8db611366c7152b2cf77702eeafb7c206d191fc4b4e78821e
SHA512

54c09a0a04944826dc7df5dffa78f6cdcc0bc7e71cc92750c52fb014bd4aac8e0ec47d1f9bd74a957730a2ba917b0719f9d79dfa60841b54a751abc48c95806d
SSDEEP

12288:BnvL4W7oTE10oBQOAtW02JXmesVoGgcVylnsG8hIZBpi4bhJSs4dAgIGox660L:JswokmzlL4FJ/FL6

Score

8^/10

Malware Config

Targets

- Target
  
  d064b1b9e6fdb0d8db611366c7152b2cf77702eeafb7c206d191fc4b4e78821e
- Size
  
  2.2MB
- MD5
  
  5e1cf6f63e204bb56bd945f0588999cd
- SHA1
  
  8ceef2028db6d0bc142f1c44870b4c6488f1e9f7
- SHA256
  
  d064b1b9e6fdb0d8db611366c7152b2cf77702eeafb7c206d191fc4b4e78821e
- SHA512
  
  54c09a0a04944826dc7df5dffa78f6cdcc0bc7e71cc92750c52fb014bd4aac8e0ec47d1f9bd74a957730a2ba917b0719f9d79dfa60841b54a751abc48c95806d
- SSDEEP
  
  12288:BnvL4W7oTE10oBQOAtW02JXmesVoGgcVylnsG8hIZBpi4bhJSs4dAgIGox660L:JswokmzlL4FJ/FL6
Score

8^/10
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2