6e221f752f623d492d4aeb66718b4eb1e3a6408ab6f7bcd71e4e882a6d487744 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

sample.html

windows7-x64

1

sample.html

windows10-2004-x64

8

Sharing

General

Target

sample
Size

15KB
Sample

240412-l76kjahe26
MD5

177462f66e7efa0f38ba4353b6e179b6
SHA1

d59f5f45461b28e77e84c44f5828d035bf8f4286
SHA256

6e221f752f623d492d4aeb66718b4eb1e3a6408ab6f7bcd71e4e882a6d487744
SHA512

39b22f691bc7be3db4b3ac0a55506ad4029e242f5951881ed2ab95177963f927c77f717df70cb248879a3c76f538d50b98f7d72dab7b4aeebafa7e95c6536c40
SSDEEP

192:PNx5Ssv99qXoqTJkNr423ZPiipmAWyuxqSa0KfkYIBIwKflWTsCyEXN:5Ssl9qYoJkN0Jipmzy660KMYjtogEN

Score

8^/10

motw persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win7-20231129-en

windows7-x64

4 signatures

1800 seconds

Behavioral task

behavioral2

Sample

sample.html

Resource

win10v2004-20240226-en

motw persistence phishing

windows10-2004-x64

28 signatures

1800 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  15KB
- MD5
  
  177462f66e7efa0f38ba4353b6e179b6
- SHA1
  
  d59f5f45461b28e77e84c44f5828d035bf8f4286
- SHA256
  
  6e221f752f623d492d4aeb66718b4eb1e3a6408ab6f7bcd71e4e882a6d487744
- SHA512
  
  39b22f691bc7be3db4b3ac0a55506ad4029e242f5951881ed2ab95177963f927c77f717df70cb248879a3c76f538d50b98f7d72dab7b4aeebafa7e95c6536c40
- SSDEEP
  
  192:PNx5Ssv99qXoqTJkNr423ZPiipmAWyuxqSa0KfkYIBIwKflWTsCyEXN:5Ssl9qYoJkN0Jipmzy660KMYjtogEN
Score

8^/10

motw persistence phishing
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

motwpersistencephishing

© 2018-2024

Terms | Privacy