f68c15017e658bde9d8f5ed67365b313d09d9e55ca408410eb958852281f4593 | Triage

Resubmissions

22-04-2024 16:29

240422-tzfcdadd62 8

22-04-2024 16:29

240422-ty711add58 8

22-04-2024 16:27

240422-tyd3xsdd49 8

22-04-2024 16:21

240422-tt51vade5z 5

Sharing

General

Target

msedge_protected.exe
Size

7.7MB
Sample

240422-tyd3xsdd49
MD5

e1b9d6f7442752fdfe79a2ef028ff8f8
SHA1

aa6805656a9319336f17d38f972a5eb24d56cc8b
SHA256

f68c15017e658bde9d8f5ed67365b313d09d9e55ca408410eb958852281f4593
SHA512

1c330b7ad99fdbef0d0db9ed3677a38070494a7fd2e01dea81d5a00c710b339f4966b933fd14433f082a1b4bdfc924bf7493ea7aa720f24d2b81bffe826819af
SSDEEP

196608:bvpWiyvk4vkkGjc7dxiTO5LdjyNeBaZx1F5CqkChIHEmRKL:bv349/3QewB8Cap

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  msedge_protected.exe
- Size
  
  7.7MB
- MD5
  
  e1b9d6f7442752fdfe79a2ef028ff8f8
- SHA1
  
  aa6805656a9319336f17d38f972a5eb24d56cc8b
- SHA256
  
  f68c15017e658bde9d8f5ed67365b313d09d9e55ca408410eb958852281f4593
- SHA512
  
  1c330b7ad99fdbef0d0db9ed3677a38070494a7fd2e01dea81d5a00c710b339f4966b933fd14433f082a1b4bdfc924bf7493ea7aa720f24d2b81bffe826819af
- SSDEEP
  
  196608:bvpWiyvk4vkkGjc7dxiTO5LdjyNeBaZx1F5CqkChIHEmRKL:bv349/3QewB8Cap
Score

8^/10

evasion
- Blocklisted process makes network request
- Stops running service(s)
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1