7a3f49cc0a5af0ee1635c506c8a6256f24a8ebab222650686b95d1d8806cd138 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7a3f49cc0a5af0ee1635c506c8a6256f24a8ebab222650686b95d1d8806cd138
Size

321KB
Sample

221201-dgnb9shc37
MD5

76a493b8d76ef9ad997bcc8ce0d466c7
SHA1

575e8ec2ebcbbfe1163886d64fb16e6f248d5c7a
SHA256

7a3f49cc0a5af0ee1635c506c8a6256f24a8ebab222650686b95d1d8806cd138
SHA512

55201d002d00a319dd8e1784aec77b5f3de1ddbc61f9c64e821de0994b9a17062cd1ad8937a613603c4e7ed8c3a89508247fdcf0c1b4cf4975c5e0e8727bc266
SSDEEP

6144:Fl1KJioProMSt9kClgNGU7wh8QuRwSWfGDz/CW0WXjgyCQ/tZK6N7gDCV4/Dt1qi:3UiyoXt9kClIGU7whWwSGUbgxAPN7gmm

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  7a3f49cc0a5af0ee1635c506c8a6256f24a8ebab222650686b95d1d8806cd138
- Size
  
  321KB
- MD5
  
  76a493b8d76ef9ad997bcc8ce0d466c7
- SHA1
  
  575e8ec2ebcbbfe1163886d64fb16e6f248d5c7a
- SHA256
  
  7a3f49cc0a5af0ee1635c506c8a6256f24a8ebab222650686b95d1d8806cd138
- SHA512
  
  55201d002d00a319dd8e1784aec77b5f3de1ddbc61f9c64e821de0994b9a17062cd1ad8937a613603c4e7ed8c3a89508247fdcf0c1b4cf4975c5e0e8727bc266
- SSDEEP
  
  6144:Fl1KJioProMSt9kClgNGU7wh8QuRwSWfGDz/CW0WXjgyCQ/tZK6N7gDCV4/Dt1qi:3UiyoXt9kClIGU7whWwSGUbgxAPN7gmm
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2