6f63952d569d65352cadb59dc95665dc01a2ccead6f2a84f8d89a9ee041aebe4 | Triage

Resubmissions

22-09-2023 18:57

230922-xme3mabg82 10

22-09-2023 18:42

230922-xch2jahf81 10

22-09-2023 18:40

230922-xbbwtshf7z 10

22-09-2023 18:36

230922-w8437shf7s 10

22-09-2023 18:09

230922-wrfdhsbe98 10

Sharing

General

Target

DV.exe
Size

5.4MB
Sample

230922-xbbwtshf7z
MD5

974cf9781ee4c391d8c78f68247e1b18
SHA1

13fc489bc589af5ebb2524b5969ddb3c75ace905
SHA256

6f63952d569d65352cadb59dc95665dc01a2ccead6f2a84f8d89a9ee041aebe4
SHA512

80122ed3b11c053b6896cfe4320e4edfb16db3a2a8b1176daa3f1b0e4be00054d8139fc707047bcdc3426166ce9eb8f1a2da9a3de2ada0496c7c44510d6cc3ac
SSDEEP

98304:5Ni77gLVLRv0kFWEu4f06A9u4f+38+BscmQI0vjkaYgucBg0i:5Ni77oVJ0kFWn4sWL3R7mQPuoE

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  DV.exe
- Size
  
  5.4MB
- MD5
  
  974cf9781ee4c391d8c78f68247e1b18
- SHA1
  
  13fc489bc589af5ebb2524b5969ddb3c75ace905
- SHA256
  
  6f63952d569d65352cadb59dc95665dc01a2ccead6f2a84f8d89a9ee041aebe4
- SHA512
  
  80122ed3b11c053b6896cfe4320e4edfb16db3a2a8b1176daa3f1b0e4be00054d8139fc707047bcdc3426166ce9eb8f1a2da9a3de2ada0496c7c44510d6cc3ac
- SSDEEP
  
  98304:5Ni77gLVLRv0kFWEu4f06A9u4f+38+BscmQI0vjkaYgucBg0i:5Ni77oVJ0kFWn4sWL3R7mQPuoE
Score

10^/10

evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1