30fd97d7a9a59e477fb3c5f2fcd09c847916862951f4493655515f493fda6352 | Triage

Sharing

General

Target

a28bd9e9f52e49517ca692f5e24733a15c0832fb823d767e699f0656bbd7f3f4.zip
Size

1.8MB
Sample

221123-n73jzsdg5s
MD5

5d9676e490190dbb8f1938e1c3a6332b
SHA1

66fa9ad1e4a2b6574b6c34b214d9c185e3e3a79b
SHA256

30fd97d7a9a59e477fb3c5f2fcd09c847916862951f4493655515f493fda6352
SHA512

b4fff51b38bccdbee48c3ca515ddf063456dfccecfbd14664b82e384e46625e4e049f5686fc2d0d9a4dacfbbf38c340098bc72be458be0193c0dfe18039895c7
SSDEEP

49152:fuK+qvxLYaLzlbxK/NYmAf6L9aPSfzpc8QkFrq:fsqvKaflbM/tjd9vQmq

Score

8^/10

Malware Config

Targets

- Target
  
  a28bd9e9f52e49517ca692f5e24733a15c0832fb823d767e699f0656bbd7f3f4.exe
- Size
  
  3.4MB
- MD5
  
  0349e342af5e3cf743ce2175323ac62b
- SHA1
  
  e211bcd37e233a07324419ca908f23c0cbfe658f
- SHA256
  
  a28bd9e9f52e49517ca692f5e24733a15c0832fb823d767e699f0656bbd7f3f4
- SHA512
  
  1b4c84c96fc2391916715ebdaf4634b0c1b123e075f5ade99ccf903406e48605c6b5a4d29c7cc15585866604ae1d97af6813a25155be1ccb95e69bb8c2967374
- SSDEEP
  
  98304:wivAmOlajnlMgF1X82Z+TArRschrFNyQFLOAkGkzdnEVomFHKnPe:w/KlMgDvrFNyQFLOyomFHKnPe
Score

8^/10
- Blocklisted process makes network request
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2