6e09b62d4feb68bd347e66b903503958bfb69c5d8f6408d7fe7546cd39ae191d | Triage

Sharing

General

Target

27279fef7becb54fd327f2adba9c500a
Size

39KB
Sample

231231-ehzmcsdhgm
MD5

27279fef7becb54fd327f2adba9c500a
SHA1

1b9cb10413b78c4a511c52a71f0b09d494c30b9b
SHA256

6e09b62d4feb68bd347e66b903503958bfb69c5d8f6408d7fe7546cd39ae191d
SHA512

fba971ad288af277be1d7b5b7a0ac112d76ea03f0f73a6a915761aa54236c92f7db2cb5a3b5b12264c353cdbeec53db30bf068ef1bbb76765392263fa947023d
SSDEEP

768:XXmmIlfh2z4MMDa0DUM/YytkxfJCbeT2zDGgRd6+2v2X6MQw/jUg:nmmIZhtblxtSfenDGo4+FXHQMR

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  27279fef7becb54fd327f2adba9c500a
- Size
  
  39KB
- MD5
  
  27279fef7becb54fd327f2adba9c500a
- SHA1
  
  1b9cb10413b78c4a511c52a71f0b09d494c30b9b
- SHA256
  
  6e09b62d4feb68bd347e66b903503958bfb69c5d8f6408d7fe7546cd39ae191d
- SHA512
  
  fba971ad288af277be1d7b5b7a0ac112d76ea03f0f73a6a915761aa54236c92f7db2cb5a3b5b12264c353cdbeec53db30bf068ef1bbb76765392263fa947023d
- SSDEEP
  
  768:XXmmIlfh2z4MMDa0DUM/YytkxfJCbeT2zDGgRd6+2v2X6MQw/jUg:nmmIZhtblxtSfenDGo4+FXHQMR
Score

8^/10

evasion persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistence

behavioral2