a7e78b8f4f59d905be2ffa65ba3d1a2f16b7002cd0145b8b3d03fe925b382ba5 | Triage

Sharing

General

Target

a7e78b8f4f59d905be2ffa65ba3d1a2f16b7002cd0145b8b3d03fe925b382ba5
Size

721KB
Sample

221130-yhplyach4s
MD5

20e1fcbec4619053a06e4bd67811c200
SHA1

cf3e7f3128d933d9d5e9395f7093bfd56e9f9a2c
SHA256

a7e78b8f4f59d905be2ffa65ba3d1a2f16b7002cd0145b8b3d03fe925b382ba5
SHA512

5d806117fa3b85fffe491fdc2944f99bb576ec4de64c9e26ff3125f63419c0c97a29e3afb7d8351e3b68b320028a1d4ae943e89a092a9f12eea2dfeca140cb08
SSDEEP

12288:6yuMgCTiJiYNadtDII4EViqHbVmacykOvHnQts/XQnFhYCNIBtAGVcW:6yuMgCTX8aTUI1RH/HAY

Score

8^/10

discovery exploit persistence

Malware Config

Targets

- Target
  
  a7e78b8f4f59d905be2ffa65ba3d1a2f16b7002cd0145b8b3d03fe925b382ba5
- Size
  
  721KB
- MD5
  
  20e1fcbec4619053a06e4bd67811c200
- SHA1
  
  cf3e7f3128d933d9d5e9395f7093bfd56e9f9a2c
- SHA256
  
  a7e78b8f4f59d905be2ffa65ba3d1a2f16b7002cd0145b8b3d03fe925b382ba5
- SHA512
  
  5d806117fa3b85fffe491fdc2944f99bb576ec4de64c9e26ff3125f63419c0c97a29e3afb7d8351e3b68b320028a1d4ae943e89a092a9f12eea2dfeca140cb08
- SSDEEP
  
  12288:6yuMgCTiJiYNadtDII4EViqHbVmacykOvHnQts/XQnFhYCNIBtAGVcW:6yuMgCTX8aTUI1RH/HAY
Score

8^/10

discovery exploit persistence
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitpersistence

behavioral2

discoveryexploitpersistence