ec099c1fa08bc20aed467f64260751e6f15413f82c03b5c1b95f9547280af90f | Triage

Submit
Reports

Overview

overview

6

Static

static

ec099c1fa0...0f.exe

windows7-x64

5

ec099c1fa0...0f.exe

windows10-2004-x64

6

Sharing

General

Target

ec099c1fa08bc20aed467f64260751e6f15413f82c03b5c1b95f9547280af90f
Size

165KB
Sample

221130-hx5npsge85
MD5

8fe1031010a44dbeed917a050119bc86
SHA1

79b31f24d0253b4ded72fadc600aa224da1a6800
SHA256

ec099c1fa08bc20aed467f64260751e6f15413f82c03b5c1b95f9547280af90f
SHA512

5dc98bb49e21f7b8a65a2e2665f4f115e5a13e9f8754239c8a873bf94552cc6f3fead44704fbbac7d4a64e565f127234c28efe857bfa5d1fa37dae47a5f8f612
SSDEEP

1536:m6z5h/HBx/Fg12SrXvrLZriRkpdzjd6w47n3Y0OcHciwR1iNwWw3QDQEx4WxjyMx:hlOcBfFQe4Kj8LdlPa

Score

6^/10

microsoft persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

ec099c1fa08bc20aed467f64260751e6f15413f82c03b5c1b95f9547280af90f.exe

Resource

win7-20221111-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

ec099c1fa08bc20aed467f64260751e6f15413f82c03b5c1b95f9547280af90f.exe

Resource

win10v2004-20220901-en

microsoft persistence phishing

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  ec099c1fa08bc20aed467f64260751e6f15413f82c03b5c1b95f9547280af90f
- Size
  
  165KB
- MD5
  
  8fe1031010a44dbeed917a050119bc86
- SHA1
  
  79b31f24d0253b4ded72fadc600aa224da1a6800
- SHA256
  
  ec099c1fa08bc20aed467f64260751e6f15413f82c03b5c1b95f9547280af90f
- SHA512
  
  5dc98bb49e21f7b8a65a2e2665f4f115e5a13e9f8754239c8a873bf94552cc6f3fead44704fbbac7d4a64e565f127234c28efe857bfa5d1fa37dae47a5f8f612
- SSDEEP
  
  1536:m6z5h/HBx/Fg12SrXvrLZriRkpdzjd6w47n3Y0OcHciwR1iNwWw3QDQEx4WxjyMx:hlOcBfFQe4Kj8LdlPa
Score

6^/10

microsoft persistence phishing
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing

© 2018-2024

Terms | Privacy