fa0d4585aac314d370386f8fdf8eb83dbad25cb22b571dd8a8a9abbd9a635905 | Triage

Sharing

General

Target

29aae1645f627d9621f8a0cbcc72876e
Size

140KB
Sample

231231-fyyknsdhh2
MD5

29aae1645f627d9621f8a0cbcc72876e
SHA1

1460b03a748e114f3bfc62eff3290729700901f5
SHA256

fa0d4585aac314d370386f8fdf8eb83dbad25cb22b571dd8a8a9abbd9a635905
SHA512

6b1c785d12b5dad8b01fbb0a4eb1bc5e5c81568a7cb8cdc079192217075be2eeeacb827f9650478370f9b0d706c9fa0b4227d9932d2818ff19403453121434c1
SSDEEP

3072:b1avQJ7ZoKRGXf2N5dqQiY1S7G0xp2coA:b1a4JWpwD1SRxpf

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  29aae1645f627d9621f8a0cbcc72876e
- Size
  
  140KB
- MD5
  
  29aae1645f627d9621f8a0cbcc72876e
- SHA1
  
  1460b03a748e114f3bfc62eff3290729700901f5
- SHA256
  
  fa0d4585aac314d370386f8fdf8eb83dbad25cb22b571dd8a8a9abbd9a635905
- SHA512
  
  6b1c785d12b5dad8b01fbb0a4eb1bc5e5c81568a7cb8cdc079192217075be2eeeacb827f9650478370f9b0d706c9fa0b4227d9932d2818ff19403453121434c1
- SSDEEP
  
  3072:b1avQJ7ZoKRGXf2N5dqQiY1S7G0xp2coA:b1a4JWpwD1SRxpf
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2