d2f0c681a4320bed07e56216d8f9b0d9a2c684ed6a1a81c42899c55eba72cef8 | Triage

Sharing

General

Target

d2f0c681a4320bed07e56216d8f9b0d9a2c684ed6a1a81c42899c55eba72cef8
Size

40KB
Sample

221021-fgk81scgc2
MD5

48d38a7d8e430dd1a0757080b0496886
SHA1

d5b6b39ac9c514f8c4edad5423319c203a56649e
SHA256

d2f0c681a4320bed07e56216d8f9b0d9a2c684ed6a1a81c42899c55eba72cef8
SHA512

1db9ce5c7b13480926cf9b3b07c701d6d3f27d1b7ce877d1cb069c358a598d8a256f18fa7e3618fa348bacec0f19241b9287f57806c3e4f893af617e07c4219b
SSDEEP

384:/TPYMmkEWPY6w8bf3helWMo9CtGRBLANCEl7fbNKjMi1ZcdIScsUWcDlQrGv4Mvb:/sMmk06w8bZYLXmGCcfbNKjMkeWxco

Score

8^/10

discovery exploit persistence

Malware Config

Targets

- Target
  
  d2f0c681a4320bed07e56216d8f9b0d9a2c684ed6a1a81c42899c55eba72cef8
- Size
  
  40KB
- MD5
  
  48d38a7d8e430dd1a0757080b0496886
- SHA1
  
  d5b6b39ac9c514f8c4edad5423319c203a56649e
- SHA256
  
  d2f0c681a4320bed07e56216d8f9b0d9a2c684ed6a1a81c42899c55eba72cef8
- SHA512
  
  1db9ce5c7b13480926cf9b3b07c701d6d3f27d1b7ce877d1cb069c358a598d8a256f18fa7e3618fa348bacec0f19241b9287f57806c3e4f893af617e07c4219b
- SSDEEP
  
  384:/TPYMmkEWPY6w8bf3helWMo9CtGRBLANCEl7fbNKjMi1ZcdIScsUWcDlQrGv4Mvb:/sMmk06w8bZYLXmGCcfbNKjMkeWxco
Score

8^/10

discovery exploit persistence
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Permissions Modification

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitpersistence

behavioral2

discoveryexploitpersistence