8dd5a1d733cfcaac9ca4d2d7208febfb8e7ce1874cf549a9d5fd51ef7691dd58 | Triage

Sharing

General

Target

1ae0b5886ccc78a82e02472bf72151dd
Size

225KB
Sample

231230-rcwpqseaer
MD5

1ae0b5886ccc78a82e02472bf72151dd
SHA1

a6c45a11080e8ce9884f89ecb01b8c0bf000063e
SHA256

8dd5a1d733cfcaac9ca4d2d7208febfb8e7ce1874cf549a9d5fd51ef7691dd58
SHA512

f68896287b08a1a0457ad903793ff30ef2f6f957c308a12693d5b4334ed0f2247c295449a58fcb6a5b24ee0560e56cff071fda0b863943b4837455cd2cecc622
SSDEEP

3072:OJIcH/KbVY1/lHnzCF377sqQu71fCeuGxUiOn0lZMuayoh41aEbZX:OCcHyiNlHzCFLT7RhOn4ZMuahwaqX

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  1ae0b5886ccc78a82e02472bf72151dd
- Size
  
  225KB
- MD5
  
  1ae0b5886ccc78a82e02472bf72151dd
- SHA1
  
  a6c45a11080e8ce9884f89ecb01b8c0bf000063e
- SHA256
  
  8dd5a1d733cfcaac9ca4d2d7208febfb8e7ce1874cf549a9d5fd51ef7691dd58
- SHA512
  
  f68896287b08a1a0457ad903793ff30ef2f6f957c308a12693d5b4334ed0f2247c295449a58fcb6a5b24ee0560e56cff071fda0b863943b4837455cd2cecc622
- SSDEEP
  
  3072:OJIcH/KbVY1/lHnzCF377sqQu71fCeuGxUiOn0lZMuayoh41aEbZX:OCcHyiNlHzCFLT7RhOn4ZMuahwaqX
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2