Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    5.8MB

  • Sample

    230824-1wmevafh34

  • MD5

    b7a9151e93495fb1be4e5651ca4aded4

  • SHA1

    a32ba62db166c58e58a719c1e29f1832c575b0c0

  • SHA256

    4f9d429ed849e93b656b9f685df3dfd47f4f2d26c595b655291f44385326bc65

  • SHA512

    9b850930302dc7d15dd2baa2e8a7a04a49ae1f9f2536fb214df74f482070ba50ac85cce0461f07236a85b29e65325776e4c2c0663fb29860b476f22734fb1440

  • SSDEEP

    98304:bFh/waeNxH65kE0ytCp1arbct9ytSgF9WRD03nRMGdQ:bXHkdkct9ytSW9AS3m

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      file.exe

    • Size

      5.8MB

    • MD5

      b7a9151e93495fb1be4e5651ca4aded4

    • SHA1

      a32ba62db166c58e58a719c1e29f1832c575b0c0

    • SHA256

      4f9d429ed849e93b656b9f685df3dfd47f4f2d26c595b655291f44385326bc65

    • SHA512

      9b850930302dc7d15dd2baa2e8a7a04a49ae1f9f2536fb214df74f482070ba50ac85cce0461f07236a85b29e65325776e4c2c0663fb29860b476f22734fb1440

    • SSDEEP

      98304:bFh/waeNxH65kE0ytCp1arbct9ytSgF9WRD03nRMGdQ:bXHkdkct9ytSW9AS3m

    Score
    10/10
    evasionpersistence

    • Modifies security service

      evasion

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Stops running service(s)

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks