ce9bd1a5c1fc599b0c8f877d229482ffa413d8dd7f51eda86c1d3a59de6280b5 | Triage

Submit
Reports

Overview

overview

Static

static

3

ce9bd1a5c1...b5.exe

windows7-x64

ce9bd1a5c1...b5.exe

windows10-2004-x64

Sharing

General

Target

ce9bd1a5c1fc599b0c8f877d229482ffa413d8dd7f51eda86c1d3a59de6280b5.bin
Size

8.7MB
Sample

230511-xa928shg54
MD5

6a38b46d48afeae349b698a429ae1e1c
SHA1

891c831af6e60cfded62268276e4ffffd203f27e
SHA256

ce9bd1a5c1fc599b0c8f877d229482ffa413d8dd7f51eda86c1d3a59de6280b5
SHA512

470ae81eb635aa4b50b3213544ce85de16b87eaba8cf0fa46ca00989df2fa88fcadb1d834c58a5a7d84b3718515f6fd359a9a946035222b944b3df3e7b87bdf5
SSDEEP

196608:kxKMARSuV2XJXf6hzsy07g1vse0yEn2ii+Iv5tUOX:/FRSJXlf6Z8gWnyiqxtN

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ce9bd1a5c1fc599b0c8f877d229482ffa413d8dd7f51eda86c1d3a59de6280b5.exe

Resource

win7-20230220-en

evasion persistence

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

ce9bd1a5c1fc599b0c8f877d229482ffa413d8dd7f51eda86c1d3a59de6280b5.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  ce9bd1a5c1fc599b0c8f877d229482ffa413d8dd7f51eda86c1d3a59de6280b5.bin
- Size
  
  8.7MB
- MD5
  
  6a38b46d48afeae349b698a429ae1e1c
- SHA1
  
  891c831af6e60cfded62268276e4ffffd203f27e
- SHA256
  
  ce9bd1a5c1fc599b0c8f877d229482ffa413d8dd7f51eda86c1d3a59de6280b5
- SHA512
  
  470ae81eb635aa4b50b3213544ce85de16b87eaba8cf0fa46ca00989df2fa88fcadb1d834c58a5a7d84b3718515f6fd359a9a946035222b944b3df3e7b87bdf5
- SSDEEP
  
  196608:kxKMARSuV2XJXf6hzsy07g1vse0yEn2ii+Iv5tUOX:/FRSJXlf6Z8gWnyiqxtN
Score

10^/10

evasion persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2

© 2018-2025

Terms | Privacy