64f1ea7bf1b94f612d72ab74b36c11108b4b798adba3f2db79f4d5923e6d580a | Triage

Sharing

General

Target

Patch.exe
Size

1.2MB
Sample

240211-19ebdsdh84
MD5

bf5604a2957baa158daddaea930fb027
SHA1

b03cefe194e509bc15e63ae853ff2b1d5f2c6a52
SHA256

64f1ea7bf1b94f612d72ab74b36c11108b4b798adba3f2db79f4d5923e6d580a
SHA512

c634b4bbe7442ce5ab13e303f582ad4bacdc008e19a067f5a69e0add0c298bf33b1810251a8300ae1b0c0c8da18b1533aacbcdcecd32954e6cf67ab3fe7f2bc8
SSDEEP

24576:VrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvazHeqtGfUYh:V2EYTb8atv1orq+pEiSDTj1VyvBazHe/

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  Patch.exe
- Size
  
  1.2MB
- MD5
  
  bf5604a2957baa158daddaea930fb027
- SHA1
  
  b03cefe194e509bc15e63ae853ff2b1d5f2c6a52
- SHA256
  
  64f1ea7bf1b94f612d72ab74b36c11108b4b798adba3f2db79f4d5923e6d580a
- SHA512
  
  c634b4bbe7442ce5ab13e303f582ad4bacdc008e19a067f5a69e0add0c298bf33b1810251a8300ae1b0c0c8da18b1533aacbcdcecd32954e6cf67ab3fe7f2bc8
- SSDEEP
  
  24576:VrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvazHeqtGfUYh:V2EYTb8atv1orq+pEiSDTj1VyvBazHe/
Score

8^/10

evasion
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2