e7da4b735f0ad0e57923ef9a0a69a4849b9bdefac0e5d36bfc9fdcfed34c6485 | Triage

Sharing

General

Target

e7da4b735f0ad0e57923ef9a0a69a4849b9bdefac0e5d36bfc9fdcfed34c6485
Size

157KB
Sample

221203-nwzc7abe3s
MD5

179b6f8293556dda8dd4618686646af0
SHA1

9da30ce49f793e41b7f7cfb1d35a18b293b151a2
SHA256

e7da4b735f0ad0e57923ef9a0a69a4849b9bdefac0e5d36bfc9fdcfed34c6485
SHA512

14f20aded7f0f03c3a2609b8b3e2cfcd0efbf205504792ed9bd9d960fdca7a5d240b5bb04ce945ffe6ab733373b5b23409d446fd8283607619cfe98f1215171a
SSDEEP

1536:gkWbhgW5o1oS4l1TfG8Umu3/IdsGmPIxl8F4L0a8fcqQA65Oi:FW+1oS4l5OeuQdrmwvL8EqQA65Oi

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  e7da4b735f0ad0e57923ef9a0a69a4849b9bdefac0e5d36bfc9fdcfed34c6485
- Size
  
  157KB
- MD5
  
  179b6f8293556dda8dd4618686646af0
- SHA1
  
  9da30ce49f793e41b7f7cfb1d35a18b293b151a2
- SHA256
  
  e7da4b735f0ad0e57923ef9a0a69a4849b9bdefac0e5d36bfc9fdcfed34c6485
- SHA512
  
  14f20aded7f0f03c3a2609b8b3e2cfcd0efbf205504792ed9bd9d960fdca7a5d240b5bb04ce945ffe6ab733373b5b23409d446fd8283607619cfe98f1215171a
- SSDEEP
  
  1536:gkWbhgW5o1oS4l1TfG8Umu3/IdsGmPIxl8F4L0a8fcqQA65Oi:FW+1oS4l5OeuQdrmwvL8EqQA65Oi
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2