ce8a985a11fbf4592a6e7c073b7d29794c31d242985d5548a07b80f27d380a7a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ce8a985a11fbf4592a6e7c073b7d29794c31d242985d5548a07b80f27d380a7a
Size

132KB
Sample

221203-e7mdbsed69
MD5

3f37ec0db532fa855ff02037f8c70dd6
SHA1

99cc8337a79d428525249eb327c9c53a0f9706e2
SHA256

ce8a985a11fbf4592a6e7c073b7d29794c31d242985d5548a07b80f27d380a7a
SHA512

d203e8f5ad9b554ae92fc1f7f77d2b3098def8451a1b841b44d8edcde4e9aee4cb85afd367dbc95c2296c644520272501d80479edbc734187ced27d726158a0d
SSDEEP

3072:neNbX4Q9ctlmvN8wPRgj24BB8Kay+GSVlsit:n4bIRmF8l243apnF

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  ce8a985a11fbf4592a6e7c073b7d29794c31d242985d5548a07b80f27d380a7a
- Size
  
  132KB
- MD5
  
  3f37ec0db532fa855ff02037f8c70dd6
- SHA1
  
  99cc8337a79d428525249eb327c9c53a0f9706e2
- SHA256
  
  ce8a985a11fbf4592a6e7c073b7d29794c31d242985d5548a07b80f27d380a7a
- SHA512
  
  d203e8f5ad9b554ae92fc1f7f77d2b3098def8451a1b841b44d8edcde4e9aee4cb85afd367dbc95c2296c644520272501d80479edbc734187ced27d726158a0d
- SSDEEP
  
  3072:neNbX4Q9ctlmvN8wPRgj24BB8Kay+GSVlsit:n4bIRmF8l243apnF
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2