General

  • Target

    OneDrive.exe

  • Size

    4.6MB

  • Sample

    230903-wfsjpsbg25

  • MD5

    432d68cb451bb59c7deb1a632abd697e

  • SHA1

    2b32d06fbd91b0f12043aa4ba2f3ebfa4dcfe12e

  • SHA256

    91650b8ba04935b967fcd70c59de46ac7e3184d2c2ad9c68ada7134918348bb3

  • SHA512

    256ca2742c3b085c40f9b716ff1a75b02bf5723a0e12b02e32742158560ddd7f0451b5d6167f22708cf8c3ccf17810281875152169133147920cad71f373b1b3

  • SSDEEP

    49152:TBpcpjCuXgrVKjom2IdED5Fg0A3a0P4PKa4M3MQhkAwPSIzzWkooMlFaLwVsTq7G:YptwGomzbP4wMlVCVH3jM5su0

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Stops running service(s)

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks