4422a5e0f94ac9cfe57db508a26c51b2f77618d0a4e9bb7bdccdf8faa56d6750 | Triage

Sharing

General

Target

4422a5e0f94ac9cfe57db508a26c51b2f77618d0a4e9bb7bdccdf8faa56d6750
Size

138KB
Sample

221123-rs9ljahd89
MD5

5f9b6ca5c3233da82ef473bf1755652f
SHA1

909a2f87e4896c1171f98e7b5c9ed7219256b40c
SHA256

4422a5e0f94ac9cfe57db508a26c51b2f77618d0a4e9bb7bdccdf8faa56d6750
SHA512

b05c0613106c7b9b03862e4f4bec043822de63614fd8f1129cd20c19527ad127b59edae4d9d1082f9c2acd802e295ae641409649c55cd45c811bf2f76d66ee58
SSDEEP

3072:2sFsdtt6DWjD7YAegvJkmYqgY8wP7uCsZFo6GhEjXMkgIgUKu8fKRaAlSGr7:29dttVIAegvJkn416JRKtKpr7

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  4422a5e0f94ac9cfe57db508a26c51b2f77618d0a4e9bb7bdccdf8faa56d6750
- Size
  
  138KB
- MD5
  
  5f9b6ca5c3233da82ef473bf1755652f
- SHA1
  
  909a2f87e4896c1171f98e7b5c9ed7219256b40c
- SHA256
  
  4422a5e0f94ac9cfe57db508a26c51b2f77618d0a4e9bb7bdccdf8faa56d6750
- SHA512
  
  b05c0613106c7b9b03862e4f4bec043822de63614fd8f1129cd20c19527ad127b59edae4d9d1082f9c2acd802e295ae641409649c55cd45c811bf2f76d66ee58
- SSDEEP
  
  3072:2sFsdtt6DWjD7YAegvJkmYqgY8wP7uCsZFo6GhEjXMkgIgUKu8fKRaAlSGr7:29dttVIAegvJkn416JRKtKpr7
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2