Overview

overview

7

Static

static

3

3ea72dd4bb...09.exe

windows7-x64

7

3ea72dd4bb...09.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3ea72dd4bbbfaab102a73c412c266809

  • Size

    136KB

  • Sample

    240103-qqbfaadedk

  • MD5

    3ea72dd4bbbfaab102a73c412c266809

  • SHA1

    2157bb5dbb0d802161e6922fa4f87a5128d7935f

  • SHA256

    24bfb8878c1c000adb90e508cfadee23e4d2750954bd1ab21bec2ae8acde2620

  • SHA512

    31c7a01040ee9025e8ff604e4743ab90adcc9dfb0ae453bdd918f960dc9eebfd378b56f10f55c89e5af269ff5587db6cea489ba9588604c17c8d08728eaeead9

  • SSDEEP

    3072:RGqn9XQqXTcjeJ0MjH80NSsdL8NEI20tG+Tx7NEMtn3KYUvwcsL:wikez7voNA0tDTt6MoYWwc0

Score
7/10
persistence

Malware Config

Targets

    • Target

      3ea72dd4bbbfaab102a73c412c266809

    • Size

      136KB

    • MD5

      3ea72dd4bbbfaab102a73c412c266809

    • SHA1

      2157bb5dbb0d802161e6922fa4f87a5128d7935f

    • SHA256

      24bfb8878c1c000adb90e508cfadee23e4d2750954bd1ab21bec2ae8acde2620

    • SHA512

      31c7a01040ee9025e8ff604e4743ab90adcc9dfb0ae453bdd918f960dc9eebfd378b56f10f55c89e5af269ff5587db6cea489ba9588604c17c8d08728eaeead9

    • SSDEEP

      3072:RGqn9XQqXTcjeJ0MjH80NSsdL8NEI20tG+Tx7NEMtn3KYUvwcsL:wikez7voNA0tDTt6MoYWwc0

    Score
    7/10
    persistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks