Overview

overview

8

Static

static

5dd2390222...de.exe

windows7-x64

8

5dd2390222...de.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5dd2390222c5e0b3476122fb9305932faa33e311a6ab062218c55be911a0f6de

  • Size

    292KB

  • Sample

    221107-p24ersgch4

  • MD5

    0cce48f3e156333bf22e3305e4592de0

  • SHA1

    34f80185ccc4e98c70d2ce171421137e5eef9599

  • SHA256

    5dd2390222c5e0b3476122fb9305932faa33e311a6ab062218c55be911a0f6de

  • SHA512

    081942feef4a7cfba4a1f8788afd5641ea08ee8c61157f1725e6a21fe86c953487c7ca6fcb037a838524c0a3a4fa336de611b10e0d3fb53b2e4503d3557c7370

  • SSDEEP

    6144:spFXJCEGWhXGwOIY9xzR9kCN5tfJCecPc3NeFc:aJCEGWGuYrN5tf8eck3wF

Score
8/10
microsoftpersistencephishing

Malware Config

Targets

    • Target

      5dd2390222c5e0b3476122fb9305932faa33e311a6ab062218c55be911a0f6de

    • Size

      292KB

    • MD5

      0cce48f3e156333bf22e3305e4592de0

    • SHA1

      34f80185ccc4e98c70d2ce171421137e5eef9599

    • SHA256

      5dd2390222c5e0b3476122fb9305932faa33e311a6ab062218c55be911a0f6de

    • SHA512

      081942feef4a7cfba4a1f8788afd5641ea08ee8c61157f1725e6a21fe86c953487c7ca6fcb037a838524c0a3a4fa336de611b10e0d3fb53b2e4503d3557c7370

    • SSDEEP

      6144:spFXJCEGWhXGwOIY9xzR9kCN5tfJCecPc3NeFc:aJCEGWGuYrN5tf8eck3wF

    Score
    8/10
    persistencemicrosoftphishing

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks