7aac7e27cf942c4d38d34b9812037396505b5d57061171dee4754b7b322da3b0 | Triage

Sharing

General

Target

7aac7e27cf942c4d38d34b9812037396505b5d57061171dee4754b7b322da3b0
Size

74KB
Sample

221120-j97t9shd6v
MD5

23794faeeffc5db7cfe5aeec20141701
SHA1

c51e9db4b8c8d428d084016d933a6b73b6509c94
SHA256

7aac7e27cf942c4d38d34b9812037396505b5d57061171dee4754b7b322da3b0
SHA512

8c95ba29a6f991e0ba11cc39604eb1b7c26e126a4516cf11a99adb734b5c5e613d6fb84a821a46c519cc4494e4dc3990cb64964e10eeba46e3a67611ae56b185
SSDEEP

1536:W9ws3eJn6fDhPhribLDHGzPGQaDdvLORwFcdPLM3MJM8u6oBJ8dvi/u+eJ:CoHDTa9M8u6qu5ide

Score

6^/10

microsoft persistence phishing

Malware Config

Targets

- Target
  
  7aac7e27cf942c4d38d34b9812037396505b5d57061171dee4754b7b322da3b0
- Size
  
  74KB
- MD5
  
  23794faeeffc5db7cfe5aeec20141701
- SHA1
  
  c51e9db4b8c8d428d084016d933a6b73b6509c94
- SHA256
  
  7aac7e27cf942c4d38d34b9812037396505b5d57061171dee4754b7b322da3b0
- SHA512
  
  8c95ba29a6f991e0ba11cc39604eb1b7c26e126a4516cf11a99adb734b5c5e613d6fb84a821a46c519cc4494e4dc3990cb64964e10eeba46e3a67611ae56b185
- SSDEEP
  
  1536:W9ws3eJn6fDhPhribLDHGzPGQaDdvLORwFcdPLM3MJM8u6oBJ8dvi/u+eJ:CoHDTa9M8u6qu5ide
Score

6^/10

microsoft persistence phishing
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing