7269383f20393661e1ce6cd88d9e0e279bc6a9a9c48016b9b602e4d41f1f84d1 | Triage

Submit
Reports

Overview

overview

8

Static

static

7269383f20...d1.exe

windows7-x64

8

7269383f20...d1.exe

windows10-2004-x64

8

Sharing

General

Target

7269383f20393661e1ce6cd88d9e0e279bc6a9a9c48016b9b602e4d41f1f84d1
Size

183KB
Sample

221129-jrx74sad44
MD5

80727836c7815319bcb921ad3c8acc9a
SHA1

2a3b1b4cc6e4567b46b309b0151d480594e90c44
SHA256

7269383f20393661e1ce6cd88d9e0e279bc6a9a9c48016b9b602e4d41f1f84d1
SHA512

e910612789eeaa9210b13737bb419363c196fa9afd56cf8e6173cbff0f29d88d2a27d5c69d4be2d211370d3c0e0091a592f1c7b1723d0bcb2df0d212bdc76f0e
SSDEEP

3072:3Z/AhAhAXvEEBy9uM9lyNvUftyHuIXtw0YtjJ6iZs8116i/K/+5W9iYv1qyM6v6s:3Z/UU4EEBy9BvyNvUoOwwJtMiO8116i3

Score

8^/10

microsoft persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

7269383f20393661e1ce6cd88d9e0e279bc6a9a9c48016b9b602e4d41f1f84d1.exe

Resource

win7-20221111-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7269383f20393661e1ce6cd88d9e0e279bc6a9a9c48016b9b602e4d41f1f84d1.exe

Resource

win10v2004-20220901-en

microsoft persistence phishing

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  7269383f20393661e1ce6cd88d9e0e279bc6a9a9c48016b9b602e4d41f1f84d1
- Size
  
  183KB
- MD5
  
  80727836c7815319bcb921ad3c8acc9a
- SHA1
  
  2a3b1b4cc6e4567b46b309b0151d480594e90c44
- SHA256
  
  7269383f20393661e1ce6cd88d9e0e279bc6a9a9c48016b9b602e4d41f1f84d1
- SHA512
  
  e910612789eeaa9210b13737bb419363c196fa9afd56cf8e6173cbff0f29d88d2a27d5c69d4be2d211370d3c0e0091a592f1c7b1723d0bcb2df0d212bdc76f0e
- SSDEEP
  
  3072:3Z/AhAhAXvEEBy9uM9lyNvUftyHuIXtw0YtjJ6iZs8116i/K/+5W9iYv1qyM6v6s:3Z/UU4EEBy9BvyNvUoOwwJtMiO8116i3
Score

8^/10

microsoft persistence phishing
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing

© 2018-2024

Terms | Privacy