788dc217d410d6b8eed0b1a6aec335fbbe342572da89510ea84c5ea2c9059ef1 | Triage

Sharing

General

Target

c4e5cdc16301b12c280e8a8767ca43843ad28b70a4b53db5fc0f340685f8ea35.exe.zip
Size

24.1MB
Sample

231231-a4asxahddr
MD5

73b027a29203d89f47450f78f128ffbc
SHA1

7a5224979f8ed87d2c3519fa0e65e7013b9ea94b
SHA256

788dc217d410d6b8eed0b1a6aec335fbbe342572da89510ea84c5ea2c9059ef1
SHA512

0d7811858e45975413b3479929d6094c115cb90a70d78ccf508924f6bef0ebb63ceaf0e987b1a6e11b021de9d1f613f8f47bd3edfb9f2cfc311c5828e0f74b06
SSDEEP

786432:6Qj/048ZGTMw24Eb7VXzp6qG3UKQL1f5ame6b:do+2PNzW4pw6b

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  c4e5cdc16301b12c280e8a8767ca43843ad28b70a4b53db5fc0f340685f8ea35.exe
- Size
  
  24.2MB
- MD5
  
  ee66fec5d7695d605c8c6ccbcd004b0a
- SHA1
  
  f559d701a9b75943eb2f52c2870bee577780dfd0
- SHA256
  
  c4e5cdc16301b12c280e8a8767ca43843ad28b70a4b53db5fc0f340685f8ea35
- SHA512
  
  82c1a735879679468fc4e0e3f5d4a27a54160e41e8094f3a85447e2ffc9fdffb8f9cc140fddbbd546c8d9c86a88de985c361793c517b0a532487268bbdd93a7a
- SSDEEP
  
  786432:Xf/g8IccsSYwUtsmebmdJZu4whmap/3itUPNTb:Xf/UHRUGmebmZlw066a
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2