General

  • Target

    fc6594eecf69dffaea16f0131c645e8518b3438b2ed0aaf297de43f98e1a0d34

  • Size

    1.2MB

  • Sample

    240523-bztwnagg71

  • MD5

    deb0b9861ffe124cc22ecaa0758eef4e

  • SHA1

    ab0149a4307e16cfba9b57dc7b3d96dbdcd270f7

  • SHA256

    fc6594eecf69dffaea16f0131c645e8518b3438b2ed0aaf297de43f98e1a0d34

  • SHA512

    d7a2df4a172128f9eada6b9467327a74010753d49fb017522b1cce39476c670583d6bacc6e4e803cce766b79fa9dd15681d3964451ef0608a20c33cd45e11894

  • SSDEEP

    12288:EuoS1Rnqm/L+tMtjXl6SRxADTeXZTbdKh8ysikNfIUTe13:7T1Rqm/kCjXg4uPeXZvE8y/kNf

Score
8/10

Malware Config

Targets

    • Target

      doc023571961504.bat

    • Size

      723KB

    • MD5

      5d572eb225e9dc9119dd119aadd8252b

    • SHA1

      7f2db9294c7790037fc7c96a638000536a0c10bc

    • SHA256

      3f215a602e7539ebf9d4ec18c590dcff3392bbe3bd86a0f3891c4f4dc97bf66f

    • SHA512

      ed82aa7325955c87df8f637caa27bd776d636034165815d7f312500ce845df1a9f25df41480484084cbed79dd959246ce58cafd467be1ab8d92ecf3b595d4c0b

    • SSDEEP

      12288:QuoS1Rnqm/L+tMtjXl6SRxADTeXZTbdKh8ysikNfIUTe13j:HT1Rqm/kCjXg4uPeXZvE8y/kNfE

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide the display window.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
