756e299d6e62579410a839ddd6f25dea110b4a369c438a3c4bd68d1bf0ee2d72 | Triage

Sharing

General

Target

Spooks.exe
Size

91KB
Sample

240424-v8eymsea8x
MD5

f9a22cfdd1a57a7727c4b7bcccb5dcbb
SHA1

3e4d5c69e595e9ae134b51ba6b4af05f3a5f6d0b
SHA256

756e299d6e62579410a839ddd6f25dea110b4a369c438a3c4bd68d1bf0ee2d72
SHA512

a7e2cc9350f053f612633e4a74852b40de0b55fa855ee14cdf6e469057bc8a42baeb5d225b9dc6a1b099dbba17690404ce122a22cf1fb8085c28949d245603e1
SSDEEP

1536:L7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfiwujb:H7DhdC6kzWypvaQ0FxyNTBfir

Score

10^/10

discovery evasion exploit trojan

Malware Config

Targets

- Target
  
  Spooks.exe
- Size
  
  91KB
- MD5
  
  f9a22cfdd1a57a7727c4b7bcccb5dcbb
- SHA1
  
  3e4d5c69e595e9ae134b51ba6b4af05f3a5f6d0b
- SHA256
  
  756e299d6e62579410a839ddd6f25dea110b4a369c438a3c4bd68d1bf0ee2d72
- SHA512
  
  a7e2cc9350f053f612633e4a74852b40de0b55fa855ee14cdf6e469057bc8a42baeb5d225b9dc6a1b099dbba17690404ce122a22cf1fb8085c28949d245603e1
- SSDEEP
  
  1536:L7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfiwujb:H7DhdC6kzWypvaQ0FxyNTBfir
Score

10^/10

discovery evasion exploit trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

File and Directory Permissions Modification

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionexploittrojan