0a414caef0dabea20e23958fb882f3a8dcb1d552fd5b522c557e4e59e74204b6 | Triage

Submit
Reports

Overview

overview

Static

static

0a414caef0...b6.exe

windows7-x64

0a414caef0...b6.exe

windows10-2004-x64

Sharing

General

Target

0a414caef0dabea20e23958fb882f3a8dcb1d552fd5b522c557e4e59e74204b6
Size

647KB
Sample

221029-t4ayfsfbhp
MD5

a34ad183b9144fa2df9e50918a5e2ce0
SHA1

bb00562d2c9e7c28f236233c98c9addf30d8ad48
SHA256

0a414caef0dabea20e23958fb882f3a8dcb1d552fd5b522c557e4e59e74204b6
SHA512

84748593ee24f6a518d4692145e9176058003c66228f7cc432c554d8373a02091955032abd8238b79ec102a55f10f5fc86677b5368d77280f12dca4898f0219a
SSDEEP

12288:IcA6SbVi42BFx8dU5pbHy/1fweshYFKNlkEpQE:IOSb32H6W5pby69blkRE

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

0a414caef0dabea20e23958fb882f3a8dcb1d552fd5b522c557e4e59e74204b6.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

0a414caef0dabea20e23958fb882f3a8dcb1d552fd5b522c557e4e59e74204b6.exe

Resource

win10v2004-20220901-en

evasion persistence

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  0a414caef0dabea20e23958fb882f3a8dcb1d552fd5b522c557e4e59e74204b6
- Size
  
  647KB
- MD5
  
  a34ad183b9144fa2df9e50918a5e2ce0
- SHA1
  
  bb00562d2c9e7c28f236233c98c9addf30d8ad48
- SHA256
  
  0a414caef0dabea20e23958fb882f3a8dcb1d552fd5b522c557e4e59e74204b6
- SHA512
  
  84748593ee24f6a518d4692145e9176058003c66228f7cc432c554d8373a02091955032abd8238b79ec102a55f10f5fc86677b5368d77280f12dca4898f0219a
- SSDEEP
  
  12288:IcA6SbVi42BFx8dU5pbHy/1fweshYFKNlkEpQE:IOSb32H6W5pby69blkRE
Score

10^/10

evasion persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy