945f4eb949580a8171cc5c26f12646b9cf2769a00dbf4c4c23a0868dc32294c9 | Triage

Submit
Reports

Overview

overview

Static

static

945f4eb949...c9.exe

windows7-x64

945f4eb949...c9.exe

windows10-2004-x64

8

Sharing

General

Target

945f4eb949580a8171cc5c26f12646b9cf2769a00dbf4c4c23a0868dc32294c9
Size

184KB
Sample

221201-zswzfaah89
MD5

6ca99a65a733352267b6ce44e26c9389
SHA1

215bd92e54af94ee8a1637675f7c45796c59519f
SHA256

945f4eb949580a8171cc5c26f12646b9cf2769a00dbf4c4c23a0868dc32294c9
SHA512

f1357a9ab200e61a0066502d8483c91d8b7c8df2380c372443b95048e5fbccc18ad0334795c9d6ea1b2ad551841577159903c9fb41ec0a88999e7fc1c91fc681
SSDEEP

3072:3/xPzn/1pt4gV8JOtgwE1opgaE3iN9h4OjKYhfy3IgqnpSnsQiNc1N0xGQ0I8voj:pPzrKyFtEJiN9ZWYd+8pQiNc4bxmm

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

945f4eb949580a8171cc5c26f12646b9cf2769a00dbf4c4c23a0868dc32294c9.exe

Resource

win7-20221111-en

evasion persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

945f4eb949580a8171cc5c26f12646b9cf2769a00dbf4c4c23a0868dc32294c9.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  945f4eb949580a8171cc5c26f12646b9cf2769a00dbf4c4c23a0868dc32294c9
- Size
  
  184KB
- MD5
  
  6ca99a65a733352267b6ce44e26c9389
- SHA1
  
  215bd92e54af94ee8a1637675f7c45796c59519f
- SHA256
  
  945f4eb949580a8171cc5c26f12646b9cf2769a00dbf4c4c23a0868dc32294c9
- SHA512
  
  f1357a9ab200e61a0066502d8483c91d8b7c8df2380c372443b95048e5fbccc18ad0334795c9d6ea1b2ad551841577159903c9fb41ec0a88999e7fc1c91fc681
- SSDEEP
  
  3072:3/xPzn/1pt4gV8JOtgwE1opgaE3iN9h4OjKYhfy3IgqnpSnsQiNc1N0xGQ0I8voj:pPzrKyFtEJiN9ZWYd+8pQiNc4bxmm
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

© 2018-2025

Terms | Privacy