7b9cd5a84371f3f638e133f2b821e856aaa277dd1feb0fec5243e5b4b380fe61 | Triage

Sharing

General

Target

7b28cda4b59cc5235f1dd4e9412e1057
Size

139KB
Sample

240127-yv7y2sbbe5
MD5

7b28cda4b59cc5235f1dd4e9412e1057
SHA1

7f718dde53ad6995d15d35fcbcc621190a87ed21
SHA256

7b9cd5a84371f3f638e133f2b821e856aaa277dd1feb0fec5243e5b4b380fe61
SHA512

cab5f82089533a0979929a80e1465419bd55789ebcec21410d7c204b2739926d5adf0b0d1afbe16107765b61ce499e5b3d23f608c957a5216d29eb0a2c382e6d
SSDEEP

1536:jjVeoUGMZn1iPTk+P/KKe8m5r44HlM9m9dwbUJ1YWJ+v1CHisEdHJp1IHtC1PBq6:NeohMZ8zm5ri9YdlJCZvhsq3ecLaq8dM

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  7b28cda4b59cc5235f1dd4e9412e1057
- Size
  
  139KB
- MD5
  
  7b28cda4b59cc5235f1dd4e9412e1057
- SHA1
  
  7f718dde53ad6995d15d35fcbcc621190a87ed21
- SHA256
  
  7b9cd5a84371f3f638e133f2b821e856aaa277dd1feb0fec5243e5b4b380fe61
- SHA512
  
  cab5f82089533a0979929a80e1465419bd55789ebcec21410d7c204b2739926d5adf0b0d1afbe16107765b61ce499e5b3d23f608c957a5216d29eb0a2c382e6d
- SSDEEP
  
  1536:jjVeoUGMZn1iPTk+P/KKe8m5r44HlM9m9dwbUJ1YWJ+v1CHisEdHJp1IHtC1PBq6:NeohMZ8zm5ri9YdlJCZvhsq3ecLaq8dM
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2