9e713b2a92900ad5f71d8a51fbe3196aebda4f60e07cb1483dbee40c897426df | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9e713b2a92900ad5f71d8a51fbe3196aebda4f60e07cb1483dbee40c897426df
Size

1.5MB
Sample

240307-fl7yksee58
MD5

69d72a9e10074990a569daa1594566f9
SHA1

1ea35ba41906f458da3a26cab20a93a59adc7c9d
SHA256

9e713b2a92900ad5f71d8a51fbe3196aebda4f60e07cb1483dbee40c897426df
SHA512

e6142e272dfc2f461225d7187476e14867c6694f582492faaf00f45858cf792c640771183b05d6fa7db7d223b38d5d02f7b3bf32c097424de8b44cc4bc644b16
SSDEEP

24576:iNMFX8Gf91zfBUwKcsNRE3uqjOTwfOwHL5f45AXQWMJ7rF4YWiZKZKs5QEnCcHUy:SmnLJUwqeJjOTaL5f4C81zDoZKs2g6S

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  9e713b2a92900ad5f71d8a51fbe3196aebda4f60e07cb1483dbee40c897426df
- Size
  
  1.5MB
- MD5
  
  69d72a9e10074990a569daa1594566f9
- SHA1
  
  1ea35ba41906f458da3a26cab20a93a59adc7c9d
- SHA256
  
  9e713b2a92900ad5f71d8a51fbe3196aebda4f60e07cb1483dbee40c897426df
- SHA512
  
  e6142e272dfc2f461225d7187476e14867c6694f582492faaf00f45858cf792c640771183b05d6fa7db7d223b38d5d02f7b3bf32c097424de8b44cc4bc644b16
- SSDEEP
  
  24576:iNMFX8Gf91zfBUwKcsNRE3uqjOTwfOwHL5f45AXQWMJ7rF4YWiZKZKs5QEnCcHUy:SmnLJUwqeJjOTaL5f4C81zDoZKs2g6S
Score

10^/10

persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2