f97f4404be87513240a9a48bfc726de92e94e5342b5833de7bf303e05c8fc6c6 | Triage

Sharing

General

Target

f97f4404be87513240a9a48bfc726de92e94e5342b5833de7bf303e05c8fc6c6
Size

3.3MB
Sample

221124-rwhl8adh9s
MD5

1c4b3684c5dd11a1a462a9516f90f05e
SHA1

39805472d2f5b72b57fdd7385d097e0a368de3cd
SHA256

f97f4404be87513240a9a48bfc726de92e94e5342b5833de7bf303e05c8fc6c6
SHA512

c6da7bb30cff49be9f18ec9fcc9708316d1ee467d8be3a616745bc80bfaaf2ce894face06149c7e086e5671d640c25c6cd46b31e2bc8cc11e0059b8f1e1fec27
SSDEEP

98304:T3YobVRxj94j/JpY6A7PFLiWg5RxjUZzJ:7YeujnY6aIrYZ9

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  f97f4404be87513240a9a48bfc726de92e94e5342b5833de7bf303e05c8fc6c6
- Size
  
  3.3MB
- MD5
  
  1c4b3684c5dd11a1a462a9516f90f05e
- SHA1
  
  39805472d2f5b72b57fdd7385d097e0a368de3cd
- SHA256
  
  f97f4404be87513240a9a48bfc726de92e94e5342b5833de7bf303e05c8fc6c6
- SHA512
  
  c6da7bb30cff49be9f18ec9fcc9708316d1ee467d8be3a616745bc80bfaaf2ce894face06149c7e086e5671d640c25c6cd46b31e2bc8cc11e0059b8f1e1fec27
- SSDEEP
  
  98304:T3YobVRxj94j/JpY6A7PFLiWg5RxjUZzJ:7YeujnY6aIrYZ9
Score

8^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2