f2e5cf7a52a60915a4f27f4711c4a03d376fe3720e2d1354b547a27d283cd80e | Triage

Sharing

General

Target

f2e5cf7a52a60915a4f27f4711c4a03d376fe3720e2d1354b547a27d283cd80e
Size

678KB
Sample

230823-bxj9fagh63
MD5

420e9a9cbe9e4df7eb380df9a92e966a
SHA1

9518a18f2951ad7f3dee0e03f6e346a421e0077b
SHA256

f2e5cf7a52a60915a4f27f4711c4a03d376fe3720e2d1354b547a27d283cd80e
SHA512

f9e4cf111eebaf788317d7b960a121bb7e47b0cbf993e47729623aae4d91c00fc567dc5f1833d7dc1a306fe50e05796bf2a24d8b8a61fccb5357a8b3d964a66b
SSDEEP

12288:87PWsI2L7EBhuDb25MhCVgzegCnxokYa/49VymTuzf2exfG1+dyR9jDkn6scyitl:CusIEQhxyCmMQ9Vyvf2kfZclopMiWwkH

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  SOA.exe
- Size
  
  769KB
- MD5
  
  7cf44d01617ca7109e6055fef339f301
- SHA1
  
  034696cc52781145916bb54989aa73db5ab6e2f3
- SHA256
  
  ecb89e3dc8230acc1f4979b6e9461684c0bbad2aed4871858610a3b6c660683b
- SHA512
  
  e62de06660b0d136630f0a9642e037a012f901abb210b079f526dbdcd7bc94b61b975dc03e36112dd0c236029a103b0c95398aeba61ea60b9767c4dc368a6bc1
- SSDEEP
  
  12288:DEN2d1mbTc9t0fzeWCc2/UYsh4HVlrczP8Exfk1+dyRJj7KvUsmyutnetdNSO:wFygCCOHVlr0P86f3c5eb4e3Z
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2