b52230ba0750810d362bf8f58f0332eec710ce0e6b61fd89b68d0dc108f53449 | Triage

Submit
Reports

Overview

overview

8

Static

static

b52230ba07...49.exe

windows7-x64

8

b52230ba07...49.exe

windows10-2004-x64

8

Sharing

General

Target

b52230ba0750810d362bf8f58f0332eec710ce0e6b61fd89b68d0dc108f53449
Size

1.1MB
Sample

221201-xrxs8seh6x
MD5

39ecc70c2d2baf144d81c8a8c930c064
SHA1

bd2313bed774d4804de7e2ce65a9820c81a91c73
SHA256

b52230ba0750810d362bf8f58f0332eec710ce0e6b61fd89b68d0dc108f53449
SHA512

bb8a79f8336b8de9150bc59274bd762a20eee2a900a1592e6f87bd18a32af0f3f359e556549016ec67fb701d082440c8d76b9ec9196dffa839e358912fd2e8a9
SSDEEP

24576:PC7I14/6ZNetmSwfC7lZwhgppoud4UvMt:qk7Md

Score

8^/10

microsoft persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

b52230ba0750810d362bf8f58f0332eec710ce0e6b61fd89b68d0dc108f53449.exe

Resource

win7-20221111-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

b52230ba0750810d362bf8f58f0332eec710ce0e6b61fd89b68d0dc108f53449.exe

Resource

win10v2004-20220812-en

microsoft persistence phishing

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  b52230ba0750810d362bf8f58f0332eec710ce0e6b61fd89b68d0dc108f53449
- Size
  
  1.1MB
- MD5
  
  39ecc70c2d2baf144d81c8a8c930c064
- SHA1
  
  bd2313bed774d4804de7e2ce65a9820c81a91c73
- SHA256
  
  b52230ba0750810d362bf8f58f0332eec710ce0e6b61fd89b68d0dc108f53449
- SHA512
  
  bb8a79f8336b8de9150bc59274bd762a20eee2a900a1592e6f87bd18a32af0f3f359e556549016ec67fb701d082440c8d76b9ec9196dffa839e358912fd2e8a9
- SSDEEP
  
  24576:PC7I14/6ZNetmSwfC7lZwhgppoud4UvMt:qk7Md
Score

8^/10

persistence microsoft phishing
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing

© 2018-2024

Terms | Privacy