91fd4eb002ab708796e93684f10ceec5168e8c4e826d0c52db25754cad3ea1f7

Resubmissions

08/01/2023, 05:39

230108-gcp7vach42 3

08/01/2023, 05:35

230108-gaadlsch37 10

Sharing

Copy URL Twitter E-mail

General

Target

ReduceMemory.zip
Size

957KB
Sample

230108-gaadlsch37
MD5

cc9fab225fba75c41b1820a104c266dd
SHA1

486834e6fcc490cccd2090a216b5d3a980a10a58
SHA256

91fd4eb002ab708796e93684f10ceec5168e8c4e826d0c52db25754cad3ea1f7
SHA512

2fb33f71652726c9d97b9dfdb76ef25d3881236e119300c0d2312a8ec33eec53390b9a951eb33ee1d93f512b79924f2ffd009c1e5fe44c3accbd56af1dcdae2e
SSDEEP

12288:KDfKjP5ZZ92R96kIphP0fyeWFpI/0BKSxq42IOf3p0i0dsbznkrkYqXTxh4DXdpb:WCTtphP0wwSYJJEDqM8QPsFhQiUL

Score

10^/10

Malware Config

Targets

- Target
  
  ReduceMemory.zip
- Size
  
  957KB
- MD5
  
  cc9fab225fba75c41b1820a104c266dd
- SHA1
  
  486834e6fcc490cccd2090a216b5d3a980a10a58
- SHA256
  
  91fd4eb002ab708796e93684f10ceec5168e8c4e826d0c52db25754cad3ea1f7
- SHA512
  
  2fb33f71652726c9d97b9dfdb76ef25d3881236e119300c0d2312a8ec33eec53390b9a951eb33ee1d93f512b79924f2ffd009c1e5fe44c3accbd56af1dcdae2e
- SSDEEP
  
  12288:KDfKjP5ZZ92R96kIphP0fyeWFpI/0BKSxq42IOf3p0i0dsbznkrkYqXTxh4DXdpb:WCTtphP0wwSYJJEDqM8QPsFhQiUL
Score

1^/10
behavioral1 behavioral2
- Target
  
  ReduceMemory/ReduceMemory.exe
- Size
  
  776KB
- MD5
  
  0d626331715cc35aa377a8503f85c92a
- SHA1
  
  26aad89595f00068151d3676297ceec394e718af
- SHA256
  
  3e541100c869dba06ee62252a9661e5a06c2e685a7ddd5288ea1358703412385
- SHA512
  
  6dcdc39672dd00873c55753ba02ad05dc61ef028a4de385d5af38f30c4959342ac25f0ae936a19fb29100a49ab379f16f5288578434e1aea83b03e596d999996
- SSDEEP
  
  12288:UaWzgMg7v3qnCiHErQohh0F4aCJ8lny7QSpJJ9vZ+dAy2s:LaHMv6C7rjCny7QQx+Is
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral3 behavioral4
- Target
  
  ReduceMemory/ReduceMemory.ini
- Size
  
  51KB
- MD5
  
  8fe443a65f960e6d0c805a63c0921992
- SHA1
  
  c7ffa1e91f490a8b4dccecb33d8a9b7c49334942
- SHA256
  
  8f72c938d646ef4ad0d8bc51ab1e6c9197a56f51ac99067d418e7b9ab62d3375
- SHA512
  
  96de7204ee3c5fc4bb90432ca8f614c8b01cc2bbb6f91cebfd90cca2d390bef71eb63bd3c4f54ab11407495aae88efbe9c8ff501350fa4a7c604a9bd31a72c06
- SSDEEP
  
  768:bQATRy1S7l3m2l7WsM6gOm+QC0k2sFzwno:MATRvxm4CYt0k2MzN
Score

1^/10
behavioral5 behavioral6
- Target
  
  ReduceMemory/ReduceMemory_x64.exe
- Size
  
  924KB
- MD5
  
  8a7c9501419cf48e10e922389108f49b
- SHA1
  
  e245780a7d462ed290aba299edd4ac669b416d7f
- SHA256
  
  21ea7a4dbc85a2e87cd9f107dfd6da64fb7efff659c5fcaccbfef74494d21aad
- SHA512
  
  7cf0c17ec4f570c0c584356e3953848f99324b651ce5c417de76587d1c9a92d1101c773250807c63e5b1439d230a173e17b6d436a6bf26510f289ae7dc800380
- SSDEEP
  
  24576:72DW/xbeX2YIbmQsu3/PNLEQ2HySr7gqiy5:72EqXTQsW/PNIQOXgqi0
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral7 behavioral8
- Target
  
  ReduceMemory/Version_History.txt
- Size
  
  1KB
- MD5
  
  c12809111c7109643d62ee787c4a730c
- SHA1
  
  41333c3d1394b5a18d5ea63437cff05cff98e815
- SHA256
  
  3832f1350b42d0fa58510ea1b246d36aeb3581b0b2f773f288db3c0dacad41b2
- SHA512
  
  cd39e3ca99c67c4da99455c3e7bfad281d87d565c6aad7ec0444e4ecba9c9c032f7f337ed9f145a6584d336a31690189a9bb1b7118f20bb4cb292865784eaa54
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Suspicious use of NtCreateUserProcessOtherParentProcess

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10