8317da7d78f1ab5e517e5914fbdbbe20e079f71184279518dec1916271fcaea6 | Triage

Resubmissions

04/09/2023, 03:19

230904-dvpr9ade4y 10

03/09/2023, 22:01

230903-1xe26acf94 10

Sharing

Copy URL Twitter E-mail

General

Target

8317da7d78f1ab5e517e5914fbdbbe20e079f71184279518dec1916271fcaea6
Size

20.4MB
Sample

230903-1xe26acf94
MD5

19d6340743164342171504547933597f
SHA1

deede2b49d95021d0450b84b0ff90d58e24f4f1a
SHA256

8317da7d78f1ab5e517e5914fbdbbe20e079f71184279518dec1916271fcaea6
SHA512

55e471b046f052c7f7b045d20dec751bbc3b1d346969f3b926d2517942f85af28db602ac605097e82063ddbcbb0dd5b6a116d461511d34b343afc4092233f13c
SSDEEP

49152:27lgxQOjdfrB1VWuuJIwBXUVjDmXsScw2WEfykvNdM0a4J3C4ffysofoEIE1xL5C:2qfG+DPS1SQ0VEL7fTbdEwamHh

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  8317da7d78f1ab5e517e5914fbdbbe20e079f71184279518dec1916271fcaea6
- Size
  
  20.4MB
- MD5
  
  19d6340743164342171504547933597f
- SHA1
  
  deede2b49d95021d0450b84b0ff90d58e24f4f1a
- SHA256
  
  8317da7d78f1ab5e517e5914fbdbbe20e079f71184279518dec1916271fcaea6
- SHA512
  
  55e471b046f052c7f7b045d20dec751bbc3b1d346969f3b926d2517942f85af28db602ac605097e82063ddbcbb0dd5b6a116d461511d34b343afc4092233f13c
- SSDEEP
  
  49152:27lgxQOjdfrB1VWuuJIwBXUVjDmXsScw2WEfykvNdM0a4J3C4ffysofoEIE1xL5C:2qfG+DPS1SQ0VEL7fTbdEwamHh
Score

10^/10

evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2