7fb99af8a9403c406bc0883a9ae0f0d11d46d73e4ce5a9462d22e9b6ede25749 | Triage

Sharing

General

Target

syspool.exe
Size

24KB
Sample

230614-pyj7qahc9w
MD5

148bb976482ca11fff424dbda6882d2f
SHA1

e76bba0c90ef3df93ca863cc25ad390a18ee8d86
SHA256

7fb99af8a9403c406bc0883a9ae0f0d11d46d73e4ce5a9462d22e9b6ede25749
SHA512

3bfe4227a23dda9316c977e28ae8c45762ca302aeddb0cb5e4efb6d2af52c1b18318f41e02f20f55349431b83f98acd23bdfa2a2a1691a799fd7b23c9b3c974d
SSDEEP

384:sFETAe6dXgoQMORTtWKRWiWrTLUonW41ldc2HgbX:sYAPJQnR9WrVnWi7to

Score

9^/10

discovery persistence

Malware Config

Targets

- Target
  
  syspool.exe
- Size
  
  24KB
- MD5
  
  148bb976482ca11fff424dbda6882d2f
- SHA1
  
  e76bba0c90ef3df93ca863cc25ad390a18ee8d86
- SHA256
  
  7fb99af8a9403c406bc0883a9ae0f0d11d46d73e4ce5a9462d22e9b6ede25749
- SHA512
  
  3bfe4227a23dda9316c977e28ae8c45762ca302aeddb0cb5e4efb6d2af52c1b18318f41e02f20f55349431b83f98acd23bdfa2a2a1691a799fd7b23c9b3c974d
- SSDEEP
  
  384:sFETAe6dXgoQMORTtWKRWiWrTLUonW41ldc2HgbX:sYAPJQnR9WrVnWi7to
Score

9^/10

discovery persistence
- Contacts a large (3596) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (5819) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence