ab3b1bc7711a4cf1b7805660325035843f551b04172b28270c6e0acb66a7b324 | Triage

Submit
Reports

Overview

overview

8

Static

static

ab3b1bc771...24.exe

windows7-x64

8

ab3b1bc771...24.exe

windows10-2004-x64

8

Sharing

General

Target

ab3b1bc7711a4cf1b7805660325035843f551b04172b28270c6e0acb66a7b324
Size

144KB
Sample

221130-3kj7fsab21
MD5

32f41981aa0383a8a68fd985cffa227b
SHA1

9fae6e76326ff17cb522703f2da64d4cefbf9efd
SHA256

ab3b1bc7711a4cf1b7805660325035843f551b04172b28270c6e0acb66a7b324
SHA512

f74c20ae72b4237f3fb7d4e8302af63a77cae17a50838226d0662e4cd15e3acca44365385312998a81c776d3b38b3818fc0525c4be33ca8b45fc5fdd00a5f567
SSDEEP

3072:9dCLKdYqFfGHAl5uN3+rS8de2z3KUeFbKi:cKd+Hm5ul++k3NeFO

Score

8^/10

microsoft persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

ab3b1bc7711a4cf1b7805660325035843f551b04172b28270c6e0acb66a7b324.exe

Resource

win7-20220812-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

ab3b1bc7711a4cf1b7805660325035843f551b04172b28270c6e0acb66a7b324.exe

Resource

win10v2004-20220812-en

microsoft persistence phishing

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  ab3b1bc7711a4cf1b7805660325035843f551b04172b28270c6e0acb66a7b324
- Size
  
  144KB
- MD5
  
  32f41981aa0383a8a68fd985cffa227b
- SHA1
  
  9fae6e76326ff17cb522703f2da64d4cefbf9efd
- SHA256
  
  ab3b1bc7711a4cf1b7805660325035843f551b04172b28270c6e0acb66a7b324
- SHA512
  
  f74c20ae72b4237f3fb7d4e8302af63a77cae17a50838226d0662e4cd15e3acca44365385312998a81c776d3b38b3818fc0525c4be33ca8b45fc5fdd00a5f567
- SSDEEP
  
  3072:9dCLKdYqFfGHAl5uN3+rS8de2z3KUeFbKi:cKd+Hm5ul++k3NeFO
Score

8^/10

persistence microsoft phishing
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing

© 2018-2024

Terms | Privacy