b89a14df1fe68514c58810ec421ff60168888b6971a1a46ff97d4474b925fd90 | Triage

Sharing

General

Target

b89a14df1fe68514c58810ec421ff60168888b6971a1a46ff97d4474b925fd90
Size

204KB
Sample

221205-jr263aab55
MD5

896bee8216e0354b2dce57cbf95fdcae
SHA1

34bb0f59699b5a70c6e924a6128dbe8c4726fd33
SHA256

b89a14df1fe68514c58810ec421ff60168888b6971a1a46ff97d4474b925fd90
SHA512

e40efb01c47fa08a77985a8151bc75978e19a8a38f51ee12dcfdfd8a932b6920a97999bd1186c01405266d80fab718447d8edf18f649aeaa09e630ed3cfea427
SSDEEP

6144:bcdOSKq1G5JU09zZd6n0xWWq2oM3/wCeeR0AI01Ak:wwi8Ugz+NG/wQvI0

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  b89a14df1fe68514c58810ec421ff60168888b6971a1a46ff97d4474b925fd90
- Size
  
  204KB
- MD5
  
  896bee8216e0354b2dce57cbf95fdcae
- SHA1
  
  34bb0f59699b5a70c6e924a6128dbe8c4726fd33
- SHA256
  
  b89a14df1fe68514c58810ec421ff60168888b6971a1a46ff97d4474b925fd90
- SHA512
  
  e40efb01c47fa08a77985a8151bc75978e19a8a38f51ee12dcfdfd8a932b6920a97999bd1186c01405266d80fab718447d8edf18f649aeaa09e630ed3cfea427
- SSDEEP
  
  6144:bcdOSKq1G5JU09zZd6n0xWWq2oM3/wCeeR0AI01Ak:wwi8Ugz+NG/wQvI0
Score

8^/10

discovery persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence