a3fd9eac179dfe5f96cd4466c9ff1c0914f30a660b08fd91065e0b0cd68a4de9 | Triage

Submit
Reports

Overview

overview

Static

static

a3fd9eac17...e9.exe

windows7-x64

a3fd9eac17...e9.exe

windows10-2004-x64

8

Sharing

General

Target

a3fd9eac179dfe5f96cd4466c9ff1c0914f30a660b08fd91065e0b0cd68a4de9
Size

170KB
Sample

221123-qrqxcshf8s
MD5

dda8981aee97a3408462bc92458aed39
SHA1

1efdfbde1119d532d6e7fb33b82c19d89b9486f4
SHA256

a3fd9eac179dfe5f96cd4466c9ff1c0914f30a660b08fd91065e0b0cd68a4de9
SHA512

bc6ffcf55424e3694822383885a3848ccf1cfbd83dfe747692fbdbdf5898988a1822be1f0edae01eefc3aece34392c41df21b202c2d1e4c763e64bd87055a2f3
SSDEEP

3072:2O+0vRk64ySxQytIlLGgl74TS+uoyNVfsh/yLtcsOFJFwAqUFIe9W3wZ219V3BGJ:XVvRuyIuRGg5Kuo6shvsOFJFwd4QwZEE

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

a3fd9eac179dfe5f96cd4466c9ff1c0914f30a660b08fd91065e0b0cd68a4de9.exe

Resource

win7-20221111-en

evasion persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

a3fd9eac179dfe5f96cd4466c9ff1c0914f30a660b08fd91065e0b0cd68a4de9.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  a3fd9eac179dfe5f96cd4466c9ff1c0914f30a660b08fd91065e0b0cd68a4de9
- Size
  
  170KB
- MD5
  
  dda8981aee97a3408462bc92458aed39
- SHA1
  
  1efdfbde1119d532d6e7fb33b82c19d89b9486f4
- SHA256
  
  a3fd9eac179dfe5f96cd4466c9ff1c0914f30a660b08fd91065e0b0cd68a4de9
- SHA512
  
  bc6ffcf55424e3694822383885a3848ccf1cfbd83dfe747692fbdbdf5898988a1822be1f0edae01eefc3aece34392c41df21b202c2d1e4c763e64bd87055a2f3
- SSDEEP
  
  3072:2O+0vRk64ySxQytIlLGgl74TS+uoyNVfsh/yLtcsOFJFwAqUFIe9W3wZ219V3BGJ:XVvRuyIuRGg5Kuo6shvsOFJFwd4QwZEE
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

© 2018-2024

Terms | Privacy