ae0b0d973a8b3feff1fb7570e09fadf473b904b8bb53c7eb83da63a53c103164 | Triage

Sharing

General

Target

DEVMin.exe
Size

3.6MB
Sample

230630-plw1raca7w
MD5

279c66b28f19a510ad6c0f155871fac3
SHA1

427bcf049de4b9a848593463e0f36265baa6164c
SHA256

ae0b0d973a8b3feff1fb7570e09fadf473b904b8bb53c7eb83da63a53c103164
SHA512

f9ae2f0753e689f78ced7d1dbc4273fe17ca1eda2f62ee7a317a4a3614d91fcae62d7aacb8ea1a826f7e0a5a3c5723dc48830483af8e38497bc9593bd2f7f161
SSDEEP

98304:JHmeIFVx0/o2Jrd9o2oNiN0KL5Zm2kVehky:DIFVxQJM2eRZfQhky

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  DEVMin.exe
- Size
  
  3.6MB
- MD5
  
  279c66b28f19a510ad6c0f155871fac3
- SHA1
  
  427bcf049de4b9a848593463e0f36265baa6164c
- SHA256
  
  ae0b0d973a8b3feff1fb7570e09fadf473b904b8bb53c7eb83da63a53c103164
- SHA512
  
  f9ae2f0753e689f78ced7d1dbc4273fe17ca1eda2f62ee7a317a4a3614d91fcae62d7aacb8ea1a826f7e0a5a3c5723dc48830483af8e38497bc9593bd2f7f161
- SSDEEP
  
  98304:JHmeIFVx0/o2Jrd9o2oNiN0KL5Zm2kVehky:DIFVxQJM2eRZfQhky
Score

10^/10

evasion
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Deletes itself
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2