5fc29cdd01e0bb02ab69904ac0156b41ed6e9b9e1130a761fe44e03b9d51f8f3 | Triage

Sharing

General

Target

5fc29cdd01e0bb02ab69904ac0156b41ed6e9b9e1130a761fe44e03b9d51f8f3
Size

5.7MB
Sample

230830-e8jzlacg9x
MD5

98775ff23cbc45e7ad6c81974270d4cc
SHA1

3de0012444ba5050863b7d5ba164d680d04a1539
SHA256

5fc29cdd01e0bb02ab69904ac0156b41ed6e9b9e1130a761fe44e03b9d51f8f3
SHA512

eb3f59dd4780fe77a3e3f5560f7d7389a80441412cd192e3ed0e30c02bb25559caa59b2c08035283499f6eb74353a1f31a123066e09a967adfeeb112af5f327c
SSDEEP

98304:S0TVWEzKhoqXr+bTk0OUNAhqFabD/JpYPAKUwHbJBjL+nzEHiKUrvVrOIgB:Spr+vk0OgAheafDYPAKUSbEP

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  5fc29cdd01e0bb02ab69904ac0156b41ed6e9b9e1130a761fe44e03b9d51f8f3
- Size
  
  5.7MB
- MD5
  
  98775ff23cbc45e7ad6c81974270d4cc
- SHA1
  
  3de0012444ba5050863b7d5ba164d680d04a1539
- SHA256
  
  5fc29cdd01e0bb02ab69904ac0156b41ed6e9b9e1130a761fe44e03b9d51f8f3
- SHA512
  
  eb3f59dd4780fe77a3e3f5560f7d7389a80441412cd192e3ed0e30c02bb25559caa59b2c08035283499f6eb74353a1f31a123066e09a967adfeeb112af5f327c
- SSDEEP
  
  98304:S0TVWEzKhoqXr+bTk0OUNAhqFabD/JpYPAKUwHbJBjL+nzEHiKUrvVrOIgB:Spr+vk0OgAheafDYPAKUSbEP
Score

10^/10

evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Stops running service(s)
  evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1