fcc68f6e41b44762bd7e9ce1213b366ee10790b5b0e668a8f74d050a36fdfd1f | Triage

Sharing

General

Target

7ec2e77211e97af72575872b8cc081a5.exe
Size

3.9MB
Sample

240423-r21d8ahb83
MD5

7ec2e77211e97af72575872b8cc081a5
SHA1

6bb22149e38bc7d5b97dc36027256a8ef7c83081
SHA256

fcc68f6e41b44762bd7e9ce1213b366ee10790b5b0e668a8f74d050a36fdfd1f
SHA512

60d60f7daf3ca2e3cce69e24220b248ee88a7b110252df10086fba10feb0f5a6bbaddbdcf6e099e244706b57a0823528dba0bbc5c141b22fa912d82b9795dfbc
SSDEEP

49152:JYQ9p/TMILu3UAJvYIJ7PBJw47z1CgFd5Tn3ZhNvhpR1aMo2IHT:Bpgt3ZvhpR1a5HT

Score

6^/10

microsoft persistence phishing

Malware Config

Targets

- Target
  
  7ec2e77211e97af72575872b8cc081a5.exe
- Size
  
  3.9MB
- MD5
  
  7ec2e77211e97af72575872b8cc081a5
- SHA1
  
  6bb22149e38bc7d5b97dc36027256a8ef7c83081
- SHA256
  
  fcc68f6e41b44762bd7e9ce1213b366ee10790b5b0e668a8f74d050a36fdfd1f
- SHA512
  
  60d60f7daf3ca2e3cce69e24220b248ee88a7b110252df10086fba10feb0f5a6bbaddbdcf6e099e244706b57a0823528dba0bbc5c141b22fa912d82b9795dfbc
- SSDEEP
  
  49152:JYQ9p/TMILu3UAJvYIJ7PBJw47z1CgFd5Tn3ZhNvhpR1aMo2IHT:Bpgt3ZvhpR1a5HT
Score

6^/10

persistence microsoft phishing
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing