General
Target: d132f0ddbfb5c89aecdfb4db1abf9551
Size: 73KB
Sample: 240317-sl48xahe9t
MD5: d132f0ddbfb5c89aecdfb4db1abf9551
SHA1: d602756bb7f53d18a8c4a083039e306cccb8327c
SHA256: 1e924f2169c1f24cdaccb5f8a5e63cd07bf189514b8a9846e9cf8cc9bec9c50b
SHA512: 2dad38dd1e4cbaf6d8eb6e9c778fc3221b13adae1bd27aec60ec74c82c9a4062c370e3bfe1e2bc7d8cba61232529bb115c300658685a62d0865a9a454f2709b5
SSDEEP: 1536:Ag5YYNU8+3HHop4P9qBH2kaXR6QF7eWUu4ZaZP6nJ4a34rsVu:AiU86odQHh64y4P6J4rMu
Static task: static1
Behavioral task: behavioral1
  Sample: d132f0ddbfb5c89aecdfb4db1abf9551.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: d132f0ddbfb5c89aecdfb4db1abf9551.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: d132f0ddbfb5c89aecdfb4db1abf9551
Score: 10/10
Modifies firewall policy service
Modifies Windows Firewall
Executes dropped EXE
Uses the VBS compiler for execution
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (2)
    Windows Service (2)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Create or Modify System Process (2)
    Windows Service (2)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)