06e2a779b34fbd168fb85d4ee1331967a87187fa810bd3739f96bb9222869ad4 | Triage

Sharing

General

Target

546bd4f906d07e78c3167428c09ecb4f.exe
Size

8.6MB
Sample

230513-gw2pzsff43
MD5

546bd4f906d07e78c3167428c09ecb4f
SHA1

f3ed2616a9630f83922e1b4a07bc8251e23530c4
SHA256

06e2a779b34fbd168fb85d4ee1331967a87187fa810bd3739f96bb9222869ad4
SHA512

066b3348b02a20d9dcffeadb322d3e9d726b59d1a93101adebc23edb008108782cf699846d7d874c17f45fdf60c17a021b21b77264022a0f2bc943b02575cd82
SSDEEP

196608:he6LFZ9zEQhEh2jN80+9IuYEvbpfjpX/3mhDBB:zLFHzEQhEBB9IrAFJvIB

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  546bd4f906d07e78c3167428c09ecb4f.exe
- Size
  
  8.6MB
- MD5
  
  546bd4f906d07e78c3167428c09ecb4f
- SHA1
  
  f3ed2616a9630f83922e1b4a07bc8251e23530c4
- SHA256
  
  06e2a779b34fbd168fb85d4ee1331967a87187fa810bd3739f96bb9222869ad4
- SHA512
  
  066b3348b02a20d9dcffeadb322d3e9d726b59d1a93101adebc23edb008108782cf699846d7d874c17f45fdf60c17a021b21b77264022a0f2bc943b02575cd82
- SSDEEP
  
  196608:he6LFZ9zEQhEh2jN80+9IuYEvbpfjpX/3mhDBB:zLFHzEQhEBB9IrAFJvIB
Score

10^/10

evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Stops running service(s)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2