a19fb7204365c980e5f7f4f1d32b9c0896c18f57be083e2bf987f7eebdff581b | Triage

Submit
Reports

Overview

overview

9

Static

static

5

a19fb72043...1b.exe

windows7-x64

9

a19fb72043...1b.exe

windows10-2004-x64

9

Sharing

General

Target

a19fb7204365c980e5f7f4f1d32b9c0896c18f57be083e2bf987f7eebdff581b
Size

1.9MB
Sample

221121-2rrz7sac94
MD5

4def45e2c114c4463aa31cc470a329e0
SHA1

7105a22ffc93978697654e0ed4baf5990e2650eb
SHA256

a19fb7204365c980e5f7f4f1d32b9c0896c18f57be083e2bf987f7eebdff581b
SHA512

d0d96c57f712e35fac0db26783deff646cc111561668695c7412113ceaf9e5c230e13fe9fab1dd0ae88bad897ca0d7efc777efa0b046f52df9534f9d7d2516f8
SSDEEP

24576:KRmJkcoQricOIQxiZY1iaLYus0JMmh1t1Sh2LRnevup7LddhFPa5Acksvom:PJZoQrbTFZY1ia0gJMmP+n

Score

9^/10

microsoft persistence phishing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a19fb7204365c980e5f7f4f1d32b9c0896c18f57be083e2bf987f7eebdff581b.exe

Resource

win7-20221111-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a19fb7204365c980e5f7f4f1d32b9c0896c18f57be083e2bf987f7eebdff581b.exe

Resource

win10v2004-20220812-en

microsoft persistence phishing

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  a19fb7204365c980e5f7f4f1d32b9c0896c18f57be083e2bf987f7eebdff581b
- Size
  
  1.9MB
- MD5
  
  4def45e2c114c4463aa31cc470a329e0
- SHA1
  
  7105a22ffc93978697654e0ed4baf5990e2650eb
- SHA256
  
  a19fb7204365c980e5f7f4f1d32b9c0896c18f57be083e2bf987f7eebdff581b
- SHA512
  
  d0d96c57f712e35fac0db26783deff646cc111561668695c7412113ceaf9e5c230e13fe9fab1dd0ae88bad897ca0d7efc777efa0b046f52df9534f9d7d2516f8
- SSDEEP
  
  24576:KRmJkcoQricOIQxiZY1iaLYus0JMmh1t1Sh2LRnevup7LddhFPa5Acksvom:PJZoQrbTFZY1ia0gJMmP+n
Score

9^/10

microsoft persistence phishing
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing

© 2018-2024

Terms | Privacy