ca5cfddd39867531ab68ca6ebd585f9ebdc4218793e3bd4c5266e84cc16fdba2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca5cfddd39867531ab68ca6ebd585f9ebdc4218793e3bd4c5266e84cc16fdba2
Size

361KB
Sample

221129-r6nk8acf81
MD5

f5182f8a78a481fcc502e70af42d5c59
SHA1

2f36562092a32fea636620d37eef597d6e64c6da
SHA256

ca5cfddd39867531ab68ca6ebd585f9ebdc4218793e3bd4c5266e84cc16fdba2
SHA512

3081bbebfb1db0ee02070adf81893703463e72ea04f716ea53731ab490fc8f4b3a6c14d97478ed2410c717cdb9d94f1384f561c4677bf274ef77bc42638196d9
SSDEEP

6144:wflfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:wflfAsiVGjSGecvX

Score

10^/10

Malware Config

Targets

- Target
  
  ca5cfddd39867531ab68ca6ebd585f9ebdc4218793e3bd4c5266e84cc16fdba2
- Size
  
  361KB
- MD5
  
  f5182f8a78a481fcc502e70af42d5c59
- SHA1
  
  2f36562092a32fea636620d37eef597d6e64c6da
- SHA256
  
  ca5cfddd39867531ab68ca6ebd585f9ebdc4218793e3bd4c5266e84cc16fdba2
- SHA512
  
  3081bbebfb1db0ee02070adf81893703463e72ea04f716ea53731ab490fc8f4b3a6c14d97478ed2410c717cdb9d94f1384f561c4677bf274ef77bc42638196d9
- SSDEEP
  
  6144:wflfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:wflfAsiVGjSGecvX
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2