7a03e9c6f4b5e6ba1b0d48a9b9660711f3d44897c64f60cf3f07f43ccdc3ad4d | Triage

Sharing

General

Target

2XL.exe
Size

14KB
Sample

240222-wahgjsdf67
MD5

36367d4ca8c25ff75097353518735693
SHA1

3b92cd2781c5f5b0fdce49f8ee533bd1da0471c8
SHA256

7a03e9c6f4b5e6ba1b0d48a9b9660711f3d44897c64f60cf3f07f43ccdc3ad4d
SHA512

fd45e1fe109ee871108b617a5d271e4118300d81da1d789a31bfdce3bbf03eafddfac7c6f6728367ca74ceb9bc8fadb844677dd2b5f63419805ec4e2a99f0513
SSDEEP

384:pPoQ7ZfBtOrwJ5t0zgw0ZJnCfJptYcFwVc03K:lrZW80zgwcJujtYcFwVc6K

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  2XL.exe
- Size
  
  14KB
- MD5
  
  36367d4ca8c25ff75097353518735693
- SHA1
  
  3b92cd2781c5f5b0fdce49f8ee533bd1da0471c8
- SHA256
  
  7a03e9c6f4b5e6ba1b0d48a9b9660711f3d44897c64f60cf3f07f43ccdc3ad4d
- SHA512
  
  fd45e1fe109ee871108b617a5d271e4118300d81da1d789a31bfdce3bbf03eafddfac7c6f6728367ca74ceb9bc8fadb844677dd2b5f63419805ec4e2a99f0513
- SSDEEP
  
  384:pPoQ7ZfBtOrwJ5t0zgw0ZJnCfJptYcFwVc03K:lrZW80zgwcJujtYcFwVc6K
Score

8^/10

evasion persistence
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence