6edf3f8dabf719490877b8ec4ddf67b6dae3782b0a5cd87c46de34bdd0d7f871 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b333686e53b5a06296a5c958c22ba5d2.exe
Size

10.1MB
Sample

230918-s8shmacf96
MD5

b333686e53b5a06296a5c958c22ba5d2
SHA1

fecbf0d8afcf410421f7a9eacdcf1f56b393e2c3
SHA256

6edf3f8dabf719490877b8ec4ddf67b6dae3782b0a5cd87c46de34bdd0d7f871
SHA512

a9a1c735c5acf97aa86ef445b7eb869c45af3b38e0f3265ce22c1b5d357c5b7ac35fda4ce2e43d6c3f3ac59b6171ebd0c8fc0f5aeca6fdfe5e0426c379755fef
SSDEEP

196608:aDclT9Ldc7nnabB8YaKkTDmy7z/fXXnbcV8:aWT9BynsbZSDh7z/fXAV8

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  b333686e53b5a06296a5c958c22ba5d2.exe
- Size
  
  10.1MB
- MD5
  
  b333686e53b5a06296a5c958c22ba5d2
- SHA1
  
  fecbf0d8afcf410421f7a9eacdcf1f56b393e2c3
- SHA256
  
  6edf3f8dabf719490877b8ec4ddf67b6dae3782b0a5cd87c46de34bdd0d7f871
- SHA512
  
  a9a1c735c5acf97aa86ef445b7eb869c45af3b38e0f3265ce22c1b5d357c5b7ac35fda4ce2e43d6c3f3ac59b6171ebd0c8fc0f5aeca6fdfe5e0426c379755fef
- SSDEEP
  
  196608:aDclT9Ldc7nnabB8YaKkTDmy7z/fXXnbcV8:aWT9BynsbZSDh7z/fXAV8
Score

10^/10

evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2