ab3b1bc7711a4cf1b7805660325035843f551b04172b28270c6e0acb66a7b324 | Triage

Sharing

General

Target

ab3b1bc7711a4cf1b7805660325035843f551b04172b28270c6e0acb66a7b324
Size

144KB
Sample

221130-3kj7fsab21
MD5

32f41981aa0383a8a68fd985cffa227b
SHA1

9fae6e76326ff17cb522703f2da64d4cefbf9efd
SHA256

ab3b1bc7711a4cf1b7805660325035843f551b04172b28270c6e0acb66a7b324
SHA512

f74c20ae72b4237f3fb7d4e8302af63a77cae17a50838226d0662e4cd15e3acca44365385312998a81c776d3b38b3818fc0525c4be33ca8b45fc5fdd00a5f567
SSDEEP

3072:9dCLKdYqFfGHAl5uN3+rS8de2z3KUeFbKi:cKd+Hm5ul++k3NeFO

Score

8^/10

microsoft persistence phishing

Malware Config

Targets

- Target
  
  ab3b1bc7711a4cf1b7805660325035843f551b04172b28270c6e0acb66a7b324
- Size
  
  144KB
- MD5
  
  32f41981aa0383a8a68fd985cffa227b
- SHA1
  
  9fae6e76326ff17cb522703f2da64d4cefbf9efd
- SHA256
  
  ab3b1bc7711a4cf1b7805660325035843f551b04172b28270c6e0acb66a7b324
- SHA512
  
  f74c20ae72b4237f3fb7d4e8302af63a77cae17a50838226d0662e4cd15e3acca44365385312998a81c776d3b38b3818fc0525c4be33ca8b45fc5fdd00a5f567
- SSDEEP
  
  3072:9dCLKdYqFfGHAl5uN3+rS8de2z3KUeFbKi:cKd+Hm5ul++k3NeFO
Score

8^/10

persistence microsoft phishing
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing