12cfe9977cd669018236d56c3bbb46139039a8b346e6c6efac04604ef7dee139 | Triage

Sharing

General

Target

12cfe9977cd669018236d56c3bbb46139039a8b346e6c6efac04604ef7dee139
Size

140KB
Sample

221201-mbannacf7x
MD5

e05c617916fa14f40f7d2d7252ce58ba
SHA1

92c415f627b3f5fa6d4ccfca5b73ada7ec993e61
SHA256

12cfe9977cd669018236d56c3bbb46139039a8b346e6c6efac04604ef7dee139
SHA512

0c52b9f14e96e3bf01d95076219f6c8337e5bd40cc9bc56f1fd7bc45fe3f2165b5f25325b312ddc88b782f05a8c9d4200f30c5c71ca39c42da4742bfd35172ef
SSDEEP

1536:jLe2G4hiyrKfU0B296MAkgu8cBjFouoGNWAD5v2i9l4hT:OEhiy2fR0UMANYoufIAcySh

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  12cfe9977cd669018236d56c3bbb46139039a8b346e6c6efac04604ef7dee139
- Size
  
  140KB
- MD5
  
  e05c617916fa14f40f7d2d7252ce58ba
- SHA1
  
  92c415f627b3f5fa6d4ccfca5b73ada7ec993e61
- SHA256
  
  12cfe9977cd669018236d56c3bbb46139039a8b346e6c6efac04604ef7dee139
- SHA512
  
  0c52b9f14e96e3bf01d95076219f6c8337e5bd40cc9bc56f1fd7bc45fe3f2165b5f25325b312ddc88b782f05a8c9d4200f30c5c71ca39c42da4742bfd35172ef
- SSDEEP
  
  1536:jLe2G4hiyrKfU0B296MAkgu8cBjFouoGNWAD5v2i9l4hT:OEhiy2fR0UMANYoufIAcySh
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2