47a3fc2f53b23fda70aebd2345f45b3719aed818af7d4c7a63b5ed728a0a2de8 | Triage

Sharing

General

Target

47a3fc2f53b23fda70aebd2345f45b3719aed818af7d4c7a63b5ed728a0a2de8
Size

123KB
Sample

221127-tmm7fsec8w
MD5

01bf8ebfbad4da58da534a5e6a698c8d
SHA1

709d3f6437f3150cae53274bb2ad16edcbc6e007
SHA256

47a3fc2f53b23fda70aebd2345f45b3719aed818af7d4c7a63b5ed728a0a2de8
SHA512

fe3862b4793be5a192f9ba86488140ac0ace3206177b7740858728a51dfdd14a08dbbcc3810a3d2472f278c19915e33a0e9aaa98c85f992bd861d05b90cf44e0
SSDEEP

3072:RWYrvIWPo9iCQtU8AuXhhH+7Zm1wdEb9luxPHsHvi4AsO:RjHPe+UbuRhH+md0PX

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  E-Card_zu_Weichnachten_scan_foto_2834792347_12_2014_21093812_000129_001_004_002910.exe
- Size
  
  148KB
- MD5
  
  9d98c00e6856de4478554ffaa7d186b2
- SHA1
  
  10f4dc27fc03d5e31f1050607c3d91a733b95a37
- SHA256
  
  79f402d1a823a6c96389483aab9744640aa310546045f6ec76d491b0d9db356b
- SHA512
  
  5ecfdd934ebe17a4835d6c08f124c3c2bf66a9a006e8438cd9ab0c33403d037e769477946faff0e465588385ae416bce46eb6524e67b6cdad3405bb3a18c8a5f
- SSDEEP
  
  3072:Dku/PN/dw7QrkU8AuXhhHK7Zm1wdEb9leB0pPMMxgf6:wePN//kUbuRhHKmdhVMagf6
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2