0e4e4d463922fd791d30480bcc21d94ee1ab153d1a7c15321f9966b20f6c15b4 | Triage

Submit
Reports

Overview

overview

Static

static

0e4e4d4639...b4.exe

windows7-x64

0e4e4d4639...b4.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

0e4e4d463922fd791d30480bcc21d94ee1ab153d1a7c15321f9966b20f6c15b4
Size

154KB
Sample

221011-xdd4zahgf5
MD5

2994add0de3ad26638a4fd2dc2bf0fc4
SHA1

233bd5388a950e8258a8c5159e428b8bfe73202a
SHA256

0e4e4d463922fd791d30480bcc21d94ee1ab153d1a7c15321f9966b20f6c15b4
SHA512

950502bded8a7e7e733490b9e786ad1ebadc66e93e9ba1d2f4013d13eabbdd0c7413a19ea49acc857c6c9b52255e14113afb19e446dbe9d0a7456d82f31d5f86
SSDEEP

3072:QJ4UuNxoD+rewiM/TnZZ6U9+zWjWzJKVQsBAqc9YhYGZf4xsTW:ywxoDqe0/TTUWySBAXg5ZwxsTW

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

0e4e4d463922fd791d30480bcc21d94ee1ab153d1a7c15321f9966b20f6c15b4.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

0e4e4d463922fd791d30480bcc21d94ee1ab153d1a7c15321f9966b20f6c15b4.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  0e4e4d463922fd791d30480bcc21d94ee1ab153d1a7c15321f9966b20f6c15b4
- Size
  
  154KB
- MD5
  
  2994add0de3ad26638a4fd2dc2bf0fc4
- SHA1
  
  233bd5388a950e8258a8c5159e428b8bfe73202a
- SHA256
  
  0e4e4d463922fd791d30480bcc21d94ee1ab153d1a7c15321f9966b20f6c15b4
- SHA512
  
  950502bded8a7e7e733490b9e786ad1ebadc66e93e9ba1d2f4013d13eabbdd0c7413a19ea49acc857c6c9b52255e14113afb19e446dbe9d0a7456d82f31d5f86
- SSDEEP
  
  3072:QJ4UuNxoD+rewiM/TnZZ6U9+zWjWzJKVQsBAqc9YhYGZf4xsTW:ywxoDqe0/TTUWySBAXg5ZwxsTW
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

© 2018-2025

Terms | Privacy