Overview

overview

10

Static

static

3

dmi1dfg7n.exe

windows7-x64

10

dmi1dfg7n.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dmi1dfg7n.exe

  • Size

    2.8MB

  • Sample

    230701-keclbagd27

  • MD5

    9253ed091d81e076a3037e12af3dc871

  • SHA1

    ec02829a25b3bf57ad061bbe54180d0c99c76981

  • SHA256

    78e0a8309bc850037e12c2d72a5b0843dcd8b412a0a597c2a3dcbd44e9f3c859

  • SHA512

    29ff2fd5f150d10b2d281a45df5b44873192605de8dc95278d6a7b5053370e4ac64a47100b13c63f3c048df351a9b51f0b93af7d922399a91508a50c152e8cf4

  • SSDEEP

    49152:xkWZLeZVfE7GQFHJUXhr3o2AmO+gpMsv6gFcPJBpaAo1AIU7LXPyPZTzeRJ38AoW:xL1eY7bFpUxr3fAjAVRJBpPAUPyBnUy6

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      dmi1dfg7n.exe

    • Size

      2.8MB

    • MD5

      9253ed091d81e076a3037e12af3dc871

    • SHA1

      ec02829a25b3bf57ad061bbe54180d0c99c76981

    • SHA256

      78e0a8309bc850037e12c2d72a5b0843dcd8b412a0a597c2a3dcbd44e9f3c859

    • SHA512

      29ff2fd5f150d10b2d281a45df5b44873192605de8dc95278d6a7b5053370e4ac64a47100b13c63f3c048df351a9b51f0b93af7d922399a91508a50c152e8cf4

    • SSDEEP

      49152:xkWZLeZVfE7GQFHJUXhr3o2AmO+gpMsv6gFcPJBpaAo1AIU7LXPyPZTzeRJ38AoW:xL1eY7bFpUxr3fAjAVRJBpPAUPyBnUy6

    Score
    10/10
    evasionpersistence

    • Modifies security service

      evasion

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Sets service image path in registry

      persistence

    • Stops running service(s)

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks