ed8239f5324cffe38a37b09143251e89175d602b56786e422556678c41387e84 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ed8239f5324cffe38a37b09143251e89175d602b56786e422556678c41387e84
Size

668KB
Sample

240415-wqp7bsfa7y
MD5

f5a9217e194d53e7278423686286a391
SHA1

fb77be3876a2dc7c3e310e9fa16e96e69915b315
SHA256

ed8239f5324cffe38a37b09143251e89175d602b56786e422556678c41387e84
SHA512

9011e6f131318d13a2d635356d48ac768c3e2f76dda8e7148d6431ee37db4a478a6cce9a1686d69b89d1ecfb7671844b4b76f35ab8efeff6c88b3f38f27fbf3b
SSDEEP

12288:tMMlcxAM4ssOdatX20XEnmf2xt8srDxm/RYSWt4lGU5626XJYSuDqe0HcBoB:1ciM4sAamfa8swC3OlGC6l5e0e

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  ed8239f5324cffe38a37b09143251e89175d602b56786e422556678c41387e84
- Size
  
  668KB
- MD5
  
  f5a9217e194d53e7278423686286a391
- SHA1
  
  fb77be3876a2dc7c3e310e9fa16e96e69915b315
- SHA256
  
  ed8239f5324cffe38a37b09143251e89175d602b56786e422556678c41387e84
- SHA512
  
  9011e6f131318d13a2d635356d48ac768c3e2f76dda8e7148d6431ee37db4a478a6cce9a1686d69b89d1ecfb7671844b4b76f35ab8efeff6c88b3f38f27fbf3b
- SSDEEP
  
  12288:tMMlcxAM4ssOdatX20XEnmf2xt8srDxm/RYSWt4lGU5626XJYSuDqe0HcBoB:1ciM4sAamfa8swC3OlGC6l5e0e
Score

8^/10

persistence
- Blocklisted process makes network request
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2