cc1486e1cfad889f62072f31c5e63c7ed6f9fc861787d61618ecceca16bae29a | Triage

Submit
Reports

Overview

overview

Static

static

cc1486e1cf...9a.exe

windows7-x64

cc1486e1cf...9a.exe

windows10-2004-x64

8

Sharing

General

Target

cc1486e1cfad889f62072f31c5e63c7ed6f9fc861787d61618ecceca16bae29a
Size

200KB
Sample

221124-xvkm3sgd7z
MD5

f8e753c07bea00e2ba2bc8da0b062670
SHA1

ccf6de270318d504c35ffdbca2aa479cac744c2d
SHA256

cc1486e1cfad889f62072f31c5e63c7ed6f9fc861787d61618ecceca16bae29a
SHA512

78a41b2628f242e747ac0853572a79fb286c19e41716e29d9d8e89cfaeae0fa88b8426bede33053030ba46f9a14e5819c7eb0159cfa611aae054ccc64184df2e
SSDEEP

3072:5ipy77aAkkCd8rYFBUo5FNZSfYmtw/R/yH2yFfZsYcrmDKVT+BDALV:5iQ7zNo5FNcf4R/dXmDObV

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

cc1486e1cfad889f62072f31c5e63c7ed6f9fc861787d61618ecceca16bae29a.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

cc1486e1cfad889f62072f31c5e63c7ed6f9fc861787d61618ecceca16bae29a.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  cc1486e1cfad889f62072f31c5e63c7ed6f9fc861787d61618ecceca16bae29a
- Size
  
  200KB
- MD5
  
  f8e753c07bea00e2ba2bc8da0b062670
- SHA1
  
  ccf6de270318d504c35ffdbca2aa479cac744c2d
- SHA256
  
  cc1486e1cfad889f62072f31c5e63c7ed6f9fc861787d61618ecceca16bae29a
- SHA512
  
  78a41b2628f242e747ac0853572a79fb286c19e41716e29d9d8e89cfaeae0fa88b8426bede33053030ba46f9a14e5819c7eb0159cfa611aae054ccc64184df2e
- SSDEEP
  
  3072:5ipy77aAkkCd8rYFBUo5FNZSfYmtw/R/yH2yFfZsYcrmDKVT+BDALV:5iQ7zNo5FNcf4R/dXmDObV
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

© 2018-2024

Terms | Privacy