195f9997b103645d44dfe653fb226757ca459a6e26999612d3cfa74bab94ba8f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ConsoleApp.exe
Size

9.8MB
Sample

231012-hjaleaef37
MD5

ab1512ca28d7d83babf9a1ec51ec1e05
SHA1

736bb1041f2d3184476262ade155f773bef484f8
SHA256

195f9997b103645d44dfe653fb226757ca459a6e26999612d3cfa74bab94ba8f
SHA512

e4d7a23b239cb8dd3340abc5496a6618ed9589956aca7b1f6cb7d8d5bc0a7bfe81b2ef05d038d3fa056c3c9b6f09f0daf9a20a09d264c4914ef977e9152ed7b0
SSDEEP

196608:Xj+U9zbNVzIGfacGBb5mH7bSrzWWs1PTvxWwwNmr/HSsru:XT9jMGkBb50GwwchS

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  ConsoleApp.exe
- Size
  
  9.8MB
- MD5
  
  ab1512ca28d7d83babf9a1ec51ec1e05
- SHA1
  
  736bb1041f2d3184476262ade155f773bef484f8
- SHA256
  
  195f9997b103645d44dfe653fb226757ca459a6e26999612d3cfa74bab94ba8f
- SHA512
  
  e4d7a23b239cb8dd3340abc5496a6618ed9589956aca7b1f6cb7d8d5bc0a7bfe81b2ef05d038d3fa056c3c9b6f09f0daf9a20a09d264c4914ef977e9152ed7b0
- SSDEEP
  
  196608:Xj+U9zbNVzIGfacGBb5mH7bSrzWWs1PTvxWwwNmr/HSsru:XT9jMGkBb50GwwchS
Score

10^/10

evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Stops running service(s)
  evasion
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2