Overview

overview

10

Static

static

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    tmp

  • Size

    3.7MB

  • Sample

    221107-hxfpksfgcn

  • MD5

    35dbf36cc33d84930bac9d66a141af05

  • SHA1

    11e41f289355a99f812f400247632403feabd494

  • SHA256

    40ef7d8a6123e7842889f15406677fabf2534c5680f3c0df2c0087b7fe14ec63

  • SHA512

    d16cf2f1f29c6f5c838c08f055e39d2b54639ffd18b3d7dff950fc55a06c9ec495c2272456072ab014f7b81671b6ae66a89a73ccab3f78b4757f4e9129fb7fb5

  • SSDEEP

    98304:AJlcIHDP4vYrKkLBbpPAHeoqFnIBMzwNCX:+lzjP8YTBbpPA+CBbN

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      tmp

    • Size

      3.7MB

    • MD5

      35dbf36cc33d84930bac9d66a141af05

    • SHA1

      11e41f289355a99f812f400247632403feabd494

    • SHA256

      40ef7d8a6123e7842889f15406677fabf2534c5680f3c0df2c0087b7fe14ec63

    • SHA512

      d16cf2f1f29c6f5c838c08f055e39d2b54639ffd18b3d7dff950fc55a06c9ec495c2272456072ab014f7b81671b6ae66a89a73ccab3f78b4757f4e9129fb7fb5

    • SSDEEP

      98304:AJlcIHDP4vYrKkLBbpPAHeoqFnIBMzwNCX:+lzjP8YTBbpPA+CBbN

    Score
    10/10
    evasionpersistence

    • Modifies security service

      evasion

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets service image path in registry

      persistence

    • Stops running service(s)

      evasion

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks