ec99f7ce67dce348254e52fb194ac592446e0fceff485a62a95f4ce85d92dd3c | Triage

Submit
Reports

Overview

overview

8

Static

static

ec99f7ce67...3c.exe

windows7-x64

ec99f7ce67...3c.exe

windows10-2004-x64

Sharing

General

Target

ec99f7ce67dce348254e52fb194ac592446e0fceff485a62a95f4ce85d92dd3c
Size

900KB
Sample

221130-yhmscach3y
MD5

75f6cc3b9d91fb36827052daa68ab459
SHA1

44b85c2b29c6b84fa020c9aead696e588877cb0e
SHA256

ec99f7ce67dce348254e52fb194ac592446e0fceff485a62a95f4ce85d92dd3c
SHA512

0b962a953c5057de44af5d1d6a362408901d5505d4a71554138027adeb7a26027076259fea474e9fa8fa966a26c66f32b4585824be803f914258018da37cebab
SSDEEP

12288:6yu8gCTiJiYNadtDIC4W43ksPZE5SqG2VcV8XX7xe9DPBi3/2Kmm97Wb9cd:6yu8gCTX8aTUC5akaa5qZV8Xrg9Deb7z

Score

8^/10

discovery exploit persistence

Static task

static1

Behavioral task

behavioral1

Sample

ec99f7ce67dce348254e52fb194ac592446e0fceff485a62a95f4ce85d92dd3c.exe

Resource

win7-20220812-en

discovery exploit persistence

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

ec99f7ce67dce348254e52fb194ac592446e0fceff485a62a95f4ce85d92dd3c.exe

Resource

win10v2004-20220901-en

discovery exploit persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  ec99f7ce67dce348254e52fb194ac592446e0fceff485a62a95f4ce85d92dd3c
- Size
  
  900KB
- MD5
  
  75f6cc3b9d91fb36827052daa68ab459
- SHA1
  
  44b85c2b29c6b84fa020c9aead696e588877cb0e
- SHA256
  
  ec99f7ce67dce348254e52fb194ac592446e0fceff485a62a95f4ce85d92dd3c
- SHA512
  
  0b962a953c5057de44af5d1d6a362408901d5505d4a71554138027adeb7a26027076259fea474e9fa8fa966a26c66f32b4585824be803f914258018da37cebab
- SSDEEP
  
  12288:6yu8gCTiJiYNadtDIC4W43ksPZE5SqG2VcV8XX7xe9DPBi3/2Kmm97Wb9cd:6yu8gCTX8aTUC5akaa5qZV8Xrg9Deb7z
Score

8^/10

discovery exploit persistence
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitpersistence

behavioral2

discoveryexploitpersistence

© 2018-2024

Terms | Privacy