aa7e9cb8aa66f58188751e0ef60bc4100adf440a5417deeeaadca0c9b885a539 | Triage

Sharing

General

Target

aa7e9cb8aa66f58188751e0ef60bc4100adf440a5417deeeaadca0c9b885a539
Size

267KB
Sample

221123-qpljvshe3y
MD5

e29f60cbd31d8bbe66c75c7f7c179cdd
SHA1

015e3b5a56c7fb75d0875afcf4882bfc0af589cd
SHA256

aa7e9cb8aa66f58188751e0ef60bc4100adf440a5417deeeaadca0c9b885a539
SHA512

96c44f79ad45279a684b1826449b9f811571dc6f2fc67bc99f8ba4332195fe7c8d71a2339de5ed7c7630aac8cd2449139a01a9fe452fa4292891a696bace22fb
SSDEEP

6144:RvrdGkZ0z0xwHXxUeOJ6OOAfW0eMJZung3b:Rvrdz0z/HXOeRDAuZng3b

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  aa7e9cb8aa66f58188751e0ef60bc4100adf440a5417deeeaadca0c9b885a539
- Size
  
  267KB
- MD5
  
  e29f60cbd31d8bbe66c75c7f7c179cdd
- SHA1
  
  015e3b5a56c7fb75d0875afcf4882bfc0af589cd
- SHA256
  
  aa7e9cb8aa66f58188751e0ef60bc4100adf440a5417deeeaadca0c9b885a539
- SHA512
  
  96c44f79ad45279a684b1826449b9f811571dc6f2fc67bc99f8ba4332195fe7c8d71a2339de5ed7c7630aac8cd2449139a01a9fe452fa4292891a696bace22fb
- SSDEEP
  
  6144:RvrdGkZ0z0xwHXxUeOJ6OOAfW0eMJZung3b:Rvrdz0z/HXOeRDAuZng3b
Score

8^/10

persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2