dc431a309748f028a092c85a0d287e6daa6aeb509a6e364007810c5c8831a0c2 | Triage

Sharing

General

Target

dc431a309748f028a092c85a0d287e6daa6aeb509a6e364007810c5c8831a0c2
Size

324KB
Sample

221201-vcwarahb27
MD5

0fc0d0aee5c2633fef43b31f2bfef116
SHA1

ed180b75303a69ac05d4fc5faeaeac8b1674ead4
SHA256

dc431a309748f028a092c85a0d287e6daa6aeb509a6e364007810c5c8831a0c2
SHA512

c1cebb950601f211eb40145c5783dab639b044acb902012486c4a6f15f29c54d90413872fa911e1d3c8b849d6749f839b36a50c72f2e207bdbbb111841750ea9
SSDEEP

6144:wap2pOyKKiamaG+8A0TaKJ8rCw+Wt0dvOgDxcPkCNepRNfGv9:12T5mDlFJJw+WmOgAFolO1

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  dc431a309748f028a092c85a0d287e6daa6aeb509a6e364007810c5c8831a0c2
- Size
  
  324KB
- MD5
  
  0fc0d0aee5c2633fef43b31f2bfef116
- SHA1
  
  ed180b75303a69ac05d4fc5faeaeac8b1674ead4
- SHA256
  
  dc431a309748f028a092c85a0d287e6daa6aeb509a6e364007810c5c8831a0c2
- SHA512
  
  c1cebb950601f211eb40145c5783dab639b044acb902012486c4a6f15f29c54d90413872fa911e1d3c8b849d6749f839b36a50c72f2e207bdbbb111841750ea9
- SSDEEP
  
  6144:wap2pOyKKiamaG+8A0TaKJ8rCw+Wt0dvOgDxcPkCNepRNfGv9:12T5mDlFJJw+WmOgAFolO1
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2