12bffed9dcafd95682c6ea71674ed5e080a9215c54db1c947f8ebbf51c49e6b0 | Triage

Submit
Reports

Overview

overview

Static

static

12bffed9dc...b0.exe

windows7-x64

12bffed9dc...b0.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

12bffed9dcafd95682c6ea71674ed5e080a9215c54db1c947f8ebbf51c49e6b0
Size

117KB
Sample

221020-g21d4shbgq
MD5

8133227d9262a562501c984bf1d475c0
SHA1

c430930ebee8bf3712cbbc3808b1498686fb8a91
SHA256

12bffed9dcafd95682c6ea71674ed5e080a9215c54db1c947f8ebbf51c49e6b0
SHA512

2d7d16f1850270d38fedb1f66b5548d39b7c8b12a683f8233095b018681303a5f4c9f24e56f9a1afacd1d017e729bfe11c7f8d653b6fd9652e73d2cd37bc4761
SSDEEP

3072:saJmcpbHhhG5UUUUUUUUUUUUUUUUUUUUUUUUUUAtGB6p1+Y:saPYZ

Score

10^/10

evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

12bffed9dcafd95682c6ea71674ed5e080a9215c54db1c947f8ebbf51c49e6b0.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

12bffed9dcafd95682c6ea71674ed5e080a9215c54db1c947f8ebbf51c49e6b0.exe

Resource

win10v2004-20220812-en

evasion persistence trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  12bffed9dcafd95682c6ea71674ed5e080a9215c54db1c947f8ebbf51c49e6b0
- Size
  
  117KB
- MD5
  
  8133227d9262a562501c984bf1d475c0
- SHA1
  
  c430930ebee8bf3712cbbc3808b1498686fb8a91
- SHA256
  
  12bffed9dcafd95682c6ea71674ed5e080a9215c54db1c947f8ebbf51c49e6b0
- SHA512
  
  2d7d16f1850270d38fedb1f66b5548d39b7c8b12a683f8233095b018681303a5f4c9f24e56f9a1afacd1d017e729bfe11c7f8d653b6fd9652e73d2cd37bc4761
- SSDEEP
  
  3072:saJmcpbHhhG5UUUUUUUUUUUUUUUUUUUUUUUUUUAtGB6p1+Y:saPYZ
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Drops file in Drivers directory
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan

© 2018-2025

Terms | Privacy