3e396d970479ca2435a25c516da37c34f6ddf564bc27e3f63996d72aa0f1047f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

timestop.zip
Size

418KB
Sample

230601-xynh5sgd4v
MD5

2a97b81a7ff005807de7799ff27c67aa
SHA1

ad793a99a9b29ac25ba1da0c605fab5dcad17c29
SHA256

3e396d970479ca2435a25c516da37c34f6ddf564bc27e3f63996d72aa0f1047f
SHA512

557150909ba309465cdd3579e4140ff7fd5c7620edfe2117e8da618b103df77f7e5de4bf6a9547267b36d6be564fb38d31aecca58b9157fb3c4147523a27028f
SSDEEP

6144:UOx3qtZ1ncOqgi8CzRcs2oLyJbTEuvehSqTegr2un8KJ4q8cHa2zBPv:Ua0EOqDBrIEOst2fvfc62p

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  timestop/WinDivert.dll
- Size
  
  15KB
- MD5
  
  1b1284100327d972e017f565dbecf80e
- SHA1
  
  5b4f0c122a80478973eb6f9cb3bbcaf186295aea
- SHA256
  
  9444a6e6b66f13f666f9c60d1935824f61c7256e35a8cf0440e29baa7fbe42c7
- SHA512
  
  4ccb9e233a3573f6eded0efa8fa54ed929818394cdf2153623d902c749d37751da6f489354aa50968e53d42d5ce339f6368dedb7858a4ff43a1927b4338954a4
- SSDEEP
  
  384:EHGiP0PYf9pHuGvATXlQRNq/EbUKxcneWuDlE:E9MQf90GvQXlQvAEcehD
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  timestop/WinDivert64.sys
- Size
  
  37KB
- MD5
  
  3bd5ac2e9d96e680f5dbdd183a58c47d
- SHA1
  
  83b08cb5e61c7b37bd710ea01196a26fc8f38610
- SHA256
  
  208c092fe77f161c5a313b916d73fa7f6d10dd289bab8bb5dfb3d59aacb27f25
- SHA512
  
  6cccd7971f423f72f5dbd01a83a2d27bb2bde63c4d1f5e127d77cfa0df85c289a2c3cd95c110ce38b58b9ea9a49aad18ae50f352ac6b21740d0294f771fbcb78
- SSDEEP
  
  768:R5VorUqgJs3/KtdrbYiZdNSRUYjbMUYOUaCdHUZ9fdCrYc:vVorUn9cRUuILLd07fdCU
Score

1^/10
behavioral2
- Target
  
  timestop/clumsy.exe
- Size
  
  1.4MB
- MD5
  
  6bcd94737d341808b9cd9d94c2b7cb40
- SHA1
  
  be0c84763260c350a93ca144092c15d09b213d0a
- SHA256
  
  adac971c4859d71b9189a6ecac25fedb4a3b5df7224462fac03a23f5a4ebde6f
- SHA512
  
  2dd2a16309063851599089865ea225cdd58e9568202679127e90d797d159657504253ffbab1400ce35a523f23e39a9721b75de7229cf5bc5de3177dd2794a518
- SSDEEP
  
  24576:odQOhDsVixFXYn36mjH0gRqH9RcEhqsUst:oJYViI36mjnR0cE0sUst
Score

1^/10
behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3