ad1da793204a9e6d5230c8da64861ebf19ef7ad98e448a2a57cc15817a6b8329 | Triage

Sharing

General

Target

ad1da793204a9e6d5230c8da64861ebf19ef7ad98e448a2a57cc15817a6b8329
Size

254KB
Sample

221129-hf4ebahc81
MD5

7a687b539634a56d6bfbb95c461b9956
SHA1

698db2ac99fc32247892fec98dde20e8942eee31
SHA256

ad1da793204a9e6d5230c8da64861ebf19ef7ad98e448a2a57cc15817a6b8329
SHA512

af5eaf83f10b086df3aa787a43cb310249f98b1255ca40067bd692227d62edaa64c320f1f1c311be6cc2ca4b9fe8b9f2900aaae9e21f566bacdc4a174d213d63
SSDEEP

6144:99d6Qdl8ffv4fp9T0BzNHynkLaWVkLfzoM5Ks:/d6QdC3v4h9ToNHeEilKs

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  ad1da793204a9e6d5230c8da64861ebf19ef7ad98e448a2a57cc15817a6b8329
- Size
  
  254KB
- MD5
  
  7a687b539634a56d6bfbb95c461b9956
- SHA1
  
  698db2ac99fc32247892fec98dde20e8942eee31
- SHA256
  
  ad1da793204a9e6d5230c8da64861ebf19ef7ad98e448a2a57cc15817a6b8329
- SHA512
  
  af5eaf83f10b086df3aa787a43cb310249f98b1255ca40067bd692227d62edaa64c320f1f1c311be6cc2ca4b9fe8b9f2900aaae9e21f566bacdc4a174d213d63
- SSDEEP
  
  6144:99d6Qdl8ffv4fp9T0BzNHynkLaWVkLfzoM5Ks:/d6QdC3v4h9ToNHeEilKs
Score

10^/10

evasion
- Modifies firewall policy service
  evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2