6ee176a46165824b8d6c8d35d22461962de074f9d92a1ef2d13249d112841ed0 | Triage

Submit
Reports

Overview

overview

Static

static

6ee176a461...d0.exe

windows7-x64

6ee176a461...d0.exe

windows10-2004-x64

7

Sharing

General

Target

6ee176a46165824b8d6c8d35d22461962de074f9d92a1ef2d13249d112841ed0
Size

143KB
Sample

221011-wtppzahahk
MD5

164186ece7e389979854a10a9c98c000
SHA1

92560b1b7faba5613dc184513e52d3ead22ad282
SHA256

6ee176a46165824b8d6c8d35d22461962de074f9d92a1ef2d13249d112841ed0
SHA512

5b697cf1a87a95e7dcc29f2d439578e74d47692867f4c0efa45b1137e0e2d3953464b1344fcb47ca269f0845fceae01aaede8fb9d1e4e4315a42dd1d479626ae
SSDEEP

3072:nH5MoKDWUlmAFMzFNapan3pJz1s73JgaS0+B1q3i:nWoKZv0Yan3pcLq1B

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

6ee176a46165824b8d6c8d35d22461962de074f9d92a1ef2d13249d112841ed0.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

6ee176a46165824b8d6c8d35d22461962de074f9d92a1ef2d13249d112841ed0.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  6ee176a46165824b8d6c8d35d22461962de074f9d92a1ef2d13249d112841ed0
- Size
  
  143KB
- MD5
  
  164186ece7e389979854a10a9c98c000
- SHA1
  
  92560b1b7faba5613dc184513e52d3ead22ad282
- SHA256
  
  6ee176a46165824b8d6c8d35d22461962de074f9d92a1ef2d13249d112841ed0
- SHA512
  
  5b697cf1a87a95e7dcc29f2d439578e74d47692867f4c0efa45b1137e0e2d3953464b1344fcb47ca269f0845fceae01aaede8fb9d1e4e4315a42dd1d479626ae
- SSDEEP
  
  3072:nH5MoKDWUlmAFMzFNapan3pJz1s73JgaS0+B1q3i:nWoKZv0Yan3pcLq1B
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

© 2018-2025

Terms | Privacy