General
Target: MpCopyAccelerator.exe
Size: 1.3MB
Sample: 230804-cp5e3sab4v
MD5: 446ecf36da0fe025e01d9cdcb1a62108
SHA1: 3388e28eeeebcc4e19fa115895f26d1cb120cffa
SHA256: 0df049a77a63a2e5456858b618fb20c38ad3f45a2870a84ea4a6bac88dfe65b2
SHA512: 5bff087ab9fbb66d6f145627d38b0671bf2ceace543a5d4538e11bb0e710f675f058245ab072188dd1f63667aeb5dc6cd99cf7c63be8094aea106fe96f8a961b
SSDEEP: 24576:9jtyKVvqtLciYOMGYgi+L8WsgQnZxzaoCIRApBvbNmncW5x8WU:9jIKpql2zqkxzamYBvbwD5Wd
Static task: static1
Behavioral task: behavioral1
  Sample: MpCopyAccelerator.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: MpCopyAccelerator.exe
  Resource: win10v2004-20230703-en
Malware Config
Targets
Target: MpCopyAccelerator.exe
Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext