875b176bbb3a6308925f4fa4621fac891c244d2e510b15049f4950255ba7f630 | Triage

Resubmissions

23-03-2023 08:27

230323-kcdqlagd9x 10

23-03-2023 08:05

230323-jzbn3sed55 10

Sharing

General

Target

875b176bbb3a6308925f4fa4621fac891c244d2e510b15049f4950255ba7f630
Size

3.6MB
Sample

230323-jzbn3sed55
MD5

ce42cbd9b1d81721ae38248d35e9e40a
SHA1

1eb087350006f465827227724d7fb040a07a67b2
SHA256

875b176bbb3a6308925f4fa4621fac891c244d2e510b15049f4950255ba7f630
SHA512

7162a9e9f680e2547c289362f93db4c18619b8a4f4e5f04ead9faaf561ff2d5612ec46084fca55cbb41a6b446bacfc701946d2dc3b714d629bef98ffc18d2f65
SSDEEP

49152:N0YkrpIPrE9C+eSLLbEdswC1dLYOwYRh6a1o0QI+Uu6ff6XOhrMev+:OYkrArE0+eEXuhIdLYOww1o1F6fCwjm

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  875b176bbb3a6308925f4fa4621fac891c244d2e510b15049f4950255ba7f630
- Size
  
  3.6MB
- MD5
  
  ce42cbd9b1d81721ae38248d35e9e40a
- SHA1
  
  1eb087350006f465827227724d7fb040a07a67b2
- SHA256
  
  875b176bbb3a6308925f4fa4621fac891c244d2e510b15049f4950255ba7f630
- SHA512
  
  7162a9e9f680e2547c289362f93db4c18619b8a4f4e5f04ead9faaf561ff2d5612ec46084fca55cbb41a6b446bacfc701946d2dc3b714d629bef98ffc18d2f65
- SSDEEP
  
  49152:N0YkrpIPrE9C+eSLLbEdswC1dLYOwYRh6a1o0QI+Uu6ff6XOhrMev+:OYkrArE0+eEXuhIdLYOww1o1F6fCwjm
Score

10^/10

evasion
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2